diff --git a/charts/core/k8s-gateway/security.md b/charts/core/k8s-gateway/security.md index 4b795971f15..4af908e2da4 100644 --- a/charts/core/k8s-gateway/security.md +++ b/charts/core/k8s-gateway/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:15:36.224Z INFO Detected config files: 1 +2021-12-04T19:15:36.224Z INFO Detected config files: 1 #### k8s-gateway/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:15:41.635Z INFO Detected OS: alpine -2021-12-04T19:15:41.635Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:41.643Z INFO Number of language-specific files: 0 +2021-12-04T19:15:41.635Z INFO Detected OS: alpine +2021-12-04T19:15:41.635Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:41.643Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,13 @@ **Container: tccr.io/truecharts/k8s_gateway:v0.1.8@sha256:c71ea11938d6c93b0af6f25230810ec13c7d28b29dfb8512adc6d1def7f200b6** -2021-12-04T19:15:44.065Z INFO Number of language-specific files: 1 -2021-12-04T19:15:44.065Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:15:44.065Z INFO Number of language-specific files: 1 +2021-12-04T19:15:44.065Z INFO Detecting gobinary vulnerabilities... #### coredns - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | go.etcd.io/etcd | CVE-2020-15106 | MEDIUM | v0.5.0-alpha.5.0.20200306183522-221f0cc107cb | v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
| - diff --git a/charts/core/prometheus/security.md b/charts/core/prometheus/security.md index 91bf26a6ae3..e3cdb1e3729 100644 --- a/charts/core/prometheus/security.md +++ b/charts/core/prometheus/security.md @@ -4,114 +4,114 @@ ##### Scan Results -2021-12-04T19:15:54.454Z INFO Detected config files: 15 +2021-12-04T19:15:54.454Z INFO Detected config files: 15 #### prometheus/charts/kube-state-metrics/templates/deployment.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -126,14 +126,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:01.381Z INFO Detected OS: alpine -2021-12-04T19:16:01.381Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:01.387Z INFO Number of language-specific files: 0 +2021-12-04T19:16:01.381Z INFO Detected OS: alpine +2021-12-04T19:16:01.381Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:01.387Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -161,15 +161,15 @@ **Container: tccr.io/truecharts/prometheus-operator:v0.52.1@sha256:4b88f439ad22896e917ab39fb1ea7f0ec115e902e026c0ac27a8bc5a507e0493** -2021-12-04T19:16:13.111Z INFO Detected OS: debian -2021-12-04T19:16:13.111Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:13.144Z INFO Number of language-specific files: 2 -2021-12-04T19:16:13.144Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:13.111Z INFO Detected OS: debian +2021-12-04T19:16:13.111Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:13.144Z INFO Number of language-specific files: 2 +2021-12-04T19:16:13.144Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/prometheus-operator:v0.52.1@sha256:4b88f439ad22896e917ab39fb1ea7f0ec115e902e026c0ac27a8bc5a507e0493 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -318,29 +318,29 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211005150130-f29caccc4255 | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: bitnami/kube-state-metrics:2.2.4-debian-10-r0** -2021-12-04T19:16:18.293Z INFO Detected OS: debian -2021-12-04T19:16:18.293Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:18.331Z INFO Number of language-specific files: 1 -2021-12-04T19:16:18.331Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:18.293Z INFO Detected OS: debian +2021-12-04T19:16:18.293Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:18.331Z INFO Number of language-specific files: 1 +2021-12-04T19:16:18.331Z INFO Detecting gobinary vulnerabilities... #### bitnami/kube-state-metrics:2.2.4-debian-10-r0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -489,23 +489,23 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: bitnami/node-exporter:1.3.0-debian-10-r0** -2021-12-04T19:16:20.765Z INFO Detected OS: debian -2021-12-04T19:16:20.765Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:20.792Z INFO Number of language-specific files: 1 -2021-12-04T19:16:20.792Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:20.765Z INFO Detected OS: debian +2021-12-04T19:16:20.765Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:20.792Z INFO Number of language-specific files: 1 +2021-12-04T19:16:20.792Z INFO Detecting gobinary vulnerabilities... #### bitnami/node-exporter:1.3.0-debian-10-r0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -654,9 +654,6 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/core/traefik/security.md b/charts/core/traefik/security.md index 4871a5fc1b7..c06fb4f3930 100644 --- a/charts/core/traefik/security.md +++ b/charts/core/traefik/security.md @@ -4,32 +4,32 @@ ##### Scan Results -2021-12-04T19:15:33.717Z INFO Need to update the built-in policies -2021-12-04T19:15:33.717Z INFO Downloading the built-in policies... -2021-12-04T19:15:35.556Z INFO Detected config files: 3 +2021-12-04T19:15:33.717Z INFO Need to update the built-in policies +2021-12-04T19:15:33.717Z INFO Downloading the built-in policies... +2021-12-04T19:15:35.556Z INFO Detected config files: 3 #### traefik/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -42,16 +42,16 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:15:36.314Z INFO Need to update DB -2021-12-04T19:15:36.314Z INFO Downloading DB... -2021-12-04T19:15:40.413Z INFO Detected OS: alpine -2021-12-04T19:15:40.413Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:40.422Z INFO Number of language-specific files: 0 +2021-12-04T19:15:36.314Z INFO Need to update DB +2021-12-04T19:15:36.314Z INFO Downloading DB... +2021-12-04T19:15:40.413Z INFO Detected OS: alpine +2021-12-04T19:15:40.413Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:40.422Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -79,22 +79,22 @@ **Container: tccr.io/truecharts/traefik:v2.5.4@sha256:e01f2de2f69fcf1a9ac2d8978455ce9731222c7fb78e3885e3f610eaeba6feee** -2021-12-04T19:15:59.477Z INFO Detected OS: alpine -2021-12-04T19:15:59.477Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:59.477Z INFO Number of language-specific files: 1 -2021-12-04T19:15:59.477Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:15:59.477Z INFO Detected OS: alpine +2021-12-04T19:15:59.477Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:59.477Z INFO Number of language-specific files: 1 +2021-12-04T19:15:59.477Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/traefik:v2.5.4@sha256:e01f2de2f69fcf1a9ac2d8978455ce9731222c7fb78e3885e3f610eaeba6feee (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.3.2 | v1.4.11, v1.5.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
https://ubuntu.com/security/notices/USN-5100-1
https://www.debian.org/security/2021/dsa-5002
| @@ -102,4 +102,3 @@ | github.com/containerd/containerd | CVE-2021-21334 | MEDIUM | v1.3.2 | v1.3.10, v1.4.4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21334
https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
https://github.com/containerd/containerd/releases/tag/v1.3.10
https://github.com/containerd/containerd/releases/tag/v1.4.4
https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/
https://nvd.nist.gov/vuln/detail/CVE-2021-21334
https://security.gentoo.org/glsa/202105-33
https://ubuntu.com/security/notices/USN-4881-1
| | github.com/containerd/containerd | CVE-2021-32760 | MEDIUM | v1.3.2 | v1.4.8, v1.5.4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760
https://github.com/containerd/containerd/releases/tag/v1.4.8
https://github.com/containerd/containerd/releases/tag/v1.5.4
https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
https://linux.oracle.com/cve/CVE-2021-32760.html
https://linux.oracle.com/errata/ELSA-2021-9373.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
https://nvd.nist.gov/vuln/detail/CVE-2021-32760
https://ubuntu.com/security/notices/USN-5012-1
| | github.com/docker/cli | CVE-2021-41092 | HIGH | v0.0.0-20200221155518-740919cc7fc0 | v20.10.9 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092
https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41092
https://ubuntu.com/security/notices/USN-5134-1
| - diff --git a/charts/incubator/anonaddy/security.md b/charts/incubator/anonaddy/security.md index f9c0e918e2c..d3bc0cd17de 100644 --- a/charts/incubator/anonaddy/security.md +++ b/charts/incubator/anonaddy/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:15:41.056Z INFO Detected config files: 2 +2021-12-04T19:15:41.056Z INFO Detected config files: 2 #### anonaddy/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:15:42.300Z INFO Detected OS: alpine -2021-12-04T19:15:42.300Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:42.308Z INFO Number of language-specific files: 0 +2021-12-04T19:15:42.300Z INFO Detected OS: alpine +2021-12-04T19:15:42.300Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:42.308Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,17 +70,17 @@ **Container: tccr.io/truecharts/anonaddy:v0.8.7@sha256:ec36fa40052eed3629b2346fee28cee0c3c7f00903903f846bfc5261802197d6** -2021-12-04T19:15:52.686Z INFO Detected OS: alpine -2021-12-04T19:15:52.686Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:52.708Z INFO Number of language-specific files: 3 -2021-12-04T19:15:52.708Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:15:52.709Z INFO Detecting composer vulnerabilities... -2021-12-04T19:15:52.720Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:15:52.686Z INFO Detected OS: alpine +2021-12-04T19:15:52.686Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:52.708Z INFO Number of language-specific files: 3 +2021-12-04T19:15:52.708Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:15:52.709Z INFO Detecting composer vulnerabilities... +2021-12-04T19:15:52.720Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/anonaddy:v0.8.7@sha256:ec36fa40052eed3629b2346fee28cee0c3c7f00903903f846bfc5261802197d6 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -141,21 +141,21 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | doctrine/dbal | CVE-2021-43608 | CRITICAL | 3.1.3 | 3.0.99, 3.1.4 |
Click to expand!https://github.com/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
| @@ -163,14 +163,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:00.072Z INFO Detected OS: alpine -2021-12-04T19:16:00.072Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:00.078Z INFO Number of language-specific files: 0 +2021-12-04T19:16:00.072Z INFO Detected OS: alpine +2021-12-04T19:16:00.072Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:00.078Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -198,15 +198,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:16:09.836Z INFO Detected OS: debian -2021-12-04T19:16:09.837Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:09.852Z INFO Number of language-specific files: 2 -2021-12-04T19:16:09.852Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:09.836Z INFO Detected OS: debian +2021-12-04T19:16:09.837Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:09.852Z INFO Number of language-specific files: 2 +2021-12-04T19:16:09.852Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -355,16 +355,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/blog/security.md b/charts/incubator/blog/security.md index 81c3dfd97cf..a14dfa6f1b9 100644 --- a/charts/incubator/blog/security.md +++ b/charts/incubator/blog/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:16:28.296Z INFO Detected config files: 2 +2021-12-04T19:16:28.296Z INFO Detected config files: 2 #### blog/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:29.195Z INFO Detected OS: alpine -2021-12-04T19:16:29.195Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:29.203Z INFO Number of language-specific files: 0 +2021-12-04T19:16:29.195Z INFO Detected OS: alpine +2021-12-04T19:16:29.195Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:29.203Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:16:36.250Z INFO Detected OS: debian -2021-12-04T19:16:36.253Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:36.324Z INFO Number of language-specific files: 2 -2021-12-04T19:16:36.324Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:16:36.324Z INFO Detecting jar vulnerabilities... +2021-12-04T19:16:36.250Z INFO Detected OS: debian +2021-12-04T19:16:36.253Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:36.324Z INFO Number of language-specific files: 2 +2021-12-04T19:16:36.324Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:36.324Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,29 +275,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/blog:latest@sha256:22871bf5fcf28e31ca4389e7fff6c44978f4eed9c106fba6e862fe165e649cb0** -2021-12-04T19:16:49.078Z INFO Detected OS: debian -2021-12-04T19:16:49.078Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:49.239Z INFO Number of language-specific files: 0 +2021-12-04T19:16:49.078Z INFO Detected OS: debian +2021-12-04T19:16:49.078Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:49.239Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/blog:latest@sha256:22871bf5fcf28e31ca4389e7fff6c44978f4eed9c106fba6e862fe165e649cb0 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -647,14 +647,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:50.219Z INFO Detected OS: alpine -2021-12-04T19:16:50.219Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:50.228Z INFO Number of language-specific files: 0 +2021-12-04T19:16:50.219Z INFO Detected OS: alpine +2021-12-04T19:16:50.219Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:50.228Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -682,16 +682,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:16:51.035Z INFO Detected OS: debian -2021-12-04T19:16:51.035Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:51.096Z INFO Number of language-specific files: 2 -2021-12-04T19:16:51.098Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:16:51.098Z INFO Detecting jar vulnerabilities... +2021-12-04T19:16:51.035Z INFO Detected OS: debian +2021-12-04T19:16:51.035Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:51.096Z INFO Number of language-specific files: 2 +2021-12-04T19:16:51.098Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:51.098Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -886,16 +886,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/bookstack/security.md b/charts/incubator/bookstack/security.md index 649be5fb551..0c7b6a59287 100644 --- a/charts/incubator/bookstack/security.md +++ b/charts/incubator/bookstack/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:16:54.657Z INFO Detected config files: 2 +2021-12-04T19:16:54.657Z INFO Detected config files: 2 #### bookstack/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:56.078Z INFO Detected OS: alpine -2021-12-04T19:16:56.078Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:56.092Z INFO Number of language-specific files: 0 +2021-12-04T19:16:56.078Z INFO Detected OS: alpine +2021-12-04T19:16:56.078Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:56.092Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,27 +70,27 @@ **Container: tccr.io/truecharts/bookstack:v21.11.20211118@sha256:f56ca2e8e3a74e5753700e5835c017264a1ca9b1a9a6740d25a50a003815149e** -2021-12-04T19:17:09.970Z INFO Number of language-specific files: 1 -2021-12-04T19:17:09.971Z INFO Detecting composer vulnerabilities... +2021-12-04T19:17:09.970Z INFO Number of language-specific files: 1 +2021-12-04T19:17:09.971Z INFO Detecting composer vulnerabilities... #### var/www-tmp/html/composer.lock - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/http-kernel | CVE-2021-41267 | MEDIUM | v5.3.10 | 5.3.0, 5.3.12 |
Click to expand!https://github.com/advisories/GHSA-q3j3-w37x-hq2q
https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
https://github.com/symfony/symfony/pull/44243
https://github.com/symfony/symfony/releases/tag/v5.3.12
https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
https://nvd.nist.gov/vuln/detail/CVE-2021-41267
https://symfony.com/cve-2021-41267
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:10.757Z INFO Detected OS: alpine -2021-12-04T19:17:10.757Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:10.770Z INFO Number of language-specific files: 0 +2021-12-04T19:17:10.757Z INFO Detected OS: alpine +2021-12-04T19:17:10.757Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:10.770Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -118,15 +118,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:17:11.844Z INFO Detected OS: debian -2021-12-04T19:17:11.845Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:11.871Z INFO Number of language-specific files: 2 -2021-12-04T19:17:11.871Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:11.844Z INFO Detected OS: debian +2021-12-04T19:17:11.845Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:11.871Z INFO Number of language-specific files: 2 +2021-12-04T19:17:11.871Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,16 +275,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/clarkson/security.md b/charts/incubator/clarkson/security.md index 685cac4f3ca..b87127ed22b 100644 --- a/charts/incubator/clarkson/security.md +++ b/charts/incubator/clarkson/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:17:12.879Z INFO Detected config files: 2 +2021-12-04T19:17:12.879Z INFO Detected config files: 2 #### clarkson/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:13.756Z INFO Detected OS: alpine -2021-12-04T19:17:13.756Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:13.764Z INFO Number of language-specific files: 0 +2021-12-04T19:17:13.756Z INFO Detected OS: alpine +2021-12-04T19:17:13.756Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:13.764Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,25 +70,25 @@ **Container: tccr.io/truecharts/clarkson:v1.1.2@sha256:e54364ee0c78fbfec7e8e220ff1cf7cb49086b3b76c0577e36d6d894b7f20c0d** -2021-12-04T19:17:25.068Z INFO Number of language-specific files: 2 -2021-12-04T19:17:25.068Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T19:17:25.069Z INFO Detecting jar vulnerabilities... -2021-12-04T19:17:25.070Z WARN maven constraint error ([10.5-alpha0,10.5.3.0_1]): failed to new comparer: 2 errors occurred: - * improper constraint: [10.5-alpha0,10.5.3.0_1] - * improper requirements: [] +2021-12-04T19:17:25.068Z INFO Number of language-specific files: 2 +2021-12-04T19:17:25.068Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:17:25.069Z INFO Detecting jar vulnerabilities... +2021-12-04T19:17:25.070Z WARN maven constraint error ([10.5-alpha0,10.5.3.0_1]): failed to new comparer: 2 errors occurred: + * improper constraint: [10.5-alpha0,10.5.3.0_1] + * improper requirements: [] #### Java - + **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | org.apache.derby:derby | CVE-2018-1313 | MEDIUM | 10.12.1.1 | 10.14.2.0 |
Click to expand!http://www.securityfocus.com/bid/104140
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r437d94437e6aef31af689b1e7025d024d676fd1ea9901d74e3e9ae48@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6755f48d4f5e44e39bba7dbf8d746678239d7f1f2cc108125519ce53@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/re29ab90978e6c997377fb975f674f7514f6beb642bbf79deb45477e5@%3Cdev.hive.apache.org%3E
https://markmail.org/message/akkappppxcdqrgxk
https://nvd.nist.gov/vuln/detail/CVE-2018-1313
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | express-jwt | CVE-2020-15084 | CRITICAL | 5.3.3 | 6.0.0 |
Click to expand!https://github.com/advisories/GHSA-6g6m-m6h5-w9gf
https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef
https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf
https://nvd.nist.gov/vuln/detail/CVE-2020-15084
| @@ -96,14 +96,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:26.089Z INFO Detected OS: alpine -2021-12-04T19:17:26.089Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:26.095Z INFO Number of language-specific files: 0 +2021-12-04T19:17:26.089Z INFO Detected OS: alpine +2021-12-04T19:17:26.089Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:26.095Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -131,15 +131,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:17:27.031Z INFO Detected OS: debian -2021-12-04T19:17:27.031Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:27.065Z INFO Number of language-specific files: 2 -2021-12-04T19:17:27.065Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:27.031Z INFO Detected OS: debian +2021-12-04T19:17:27.031Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:27.065Z INFO Number of language-specific files: 2 +2021-12-04T19:17:27.065Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -288,16 +288,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/friendica/security.md b/charts/incubator/friendica/security.md index e4f19aae12c..3a647a57ff1 100644 --- a/charts/incubator/friendica/security.md +++ b/charts/incubator/friendica/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:17:38.802Z INFO Detected config files: 2 +2021-12-04T19:17:38.802Z INFO Detected config files: 2 #### friendica/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:39.584Z INFO Detected OS: alpine -2021-12-04T19:17:39.584Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:39.591Z INFO Number of language-specific files: 0 +2021-12-04T19:17:39.584Z INFO Detected OS: alpine +2021-12-04T19:17:39.584Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:39.591Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,17 +70,17 @@ **Container: tccr.io/truecharts/friendica:v2021.09@sha256:593f97fbe798f2b73e5129717dd178318b2448942de540e49ba9649bac1ef4c3** -2021-12-04T19:17:55.180Z INFO Detected OS: debian -2021-12-04T19:17:55.180Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:55.302Z INFO Number of language-specific files: 8 -2021-12-04T19:17:55.302Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:17:55.302Z INFO Detecting composer vulnerabilities... -2021-12-04T19:17:55.303Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:17:55.180Z INFO Detected OS: debian +2021-12-04T19:17:55.180Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:55.302Z INFO Number of language-specific files: 8 +2021-12-04T19:17:55.302Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:55.302Z INFO Detecting composer vulnerabilities... +2021-12-04T19:17:55.303Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/friendica:v2021.09@sha256:593f97fbe798f2b73e5129717dd178318b2448942de540e49ba9649bac1ef4c3 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-33193 | HIGH | 2.4.38-3+deb10u6 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/
https://portswigger.net/research/http2
https://security.netapp.com/advisory/ntap-20210917-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://www.tenable.com/security/tns-2021-17
| @@ -933,7 +933,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | dompurify | GHSA-mjjq-c88q-qhr6 | CRITICAL | 1.0.11 | 2.0.7 |
Click to expand!https://github.com/advisories/GHSA-mjjq-c88q-qhr6
https://github.com/cure53/DOMPurify/releases/tag/2.0.7
https://www.npmjs.com/advisories/1223
| @@ -947,63 +947,63 @@ | jquery | CVE-2020-11023 | MEDIUM | 2.2.4 | 3.5.0 |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/jquery/jquery/releases/tag/3.5.0
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
https://jquery.com/upgrade-guide/3.5/
https://linux.oracle.com/cve/CVE-2020-11023.html
https://linux.oracle.com/errata/ELSA-2021-9552.html
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | phpseclib/phpseclib | CVE-2021-30130 | HIGH | 2.0.4 | 2.0.31, 3.0.7 |
Click to expand!https://github.com/advisories/GHSA-vf4w-fg7r-5v94
https://github.com/phpseclib/phpseclib/pull/1635
https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
https://nvd.nist.gov/vuln/detail/CVE-2021-30130
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:57.345Z INFO Detected OS: alpine -2021-12-04T19:17:57.345Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:57.364Z INFO Number of language-specific files: 0 +2021-12-04T19:17:57.345Z INFO Detected OS: alpine +2021-12-04T19:17:57.345Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:57.364Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1031,15 +1031,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:17:58.841Z INFO Detected OS: debian -2021-12-04T19:17:58.841Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:58.872Z INFO Number of language-specific files: 2 -2021-12-04T19:17:58.872Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:58.841Z INFO Detected OS: debian +2021-12-04T19:17:58.841Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:58.872Z INFO Number of language-specific files: 2 +2021-12-04T19:17:58.872Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1188,16 +1188,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/icinga2/security.md b/charts/incubator/icinga2/security.md index 10d19a70c41..47711f05d5b 100644 --- a/charts/incubator/icinga2/security.md +++ b/charts/incubator/icinga2/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:17:56.736Z INFO Detected config files: 2 +2021-12-04T19:17:56.736Z INFO Detected config files: 2 #### icinga2/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:57.980Z INFO Detected OS: alpine -2021-12-04T19:17:57.980Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:57.984Z INFO Number of language-specific files: 0 +2021-12-04T19:17:57.980Z INFO Detected OS: alpine +2021-12-04T19:17:57.980Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:57.984Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/icinga2:v2.13.1@sha256:64116a1e267397888bcd6dd62b428322c81bf925f955867ada5207657a9d79db** -2021-12-04T19:18:19.214Z INFO Detected OS: debian -2021-12-04T19:18:19.214Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:19.392Z INFO Number of language-specific files: 4 -2021-12-04T19:18:19.392Z INFO Detecting composer vulnerabilities... +2021-12-04T19:18:19.214Z INFO Detected OS: debian +2021-12-04T19:18:19.214Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:19.392Z INFO Number of language-specific files: 4 +2021-12-04T19:18:19.392Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/icinga2:v2.13.1@sha256:64116a1e267397888bcd6dd62b428322c81bf925f955867ada5207657a9d79db (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-33193 | HIGH | 2.4.38-3+deb10u6 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/
https://portswigger.net/research/http2
https://security.netapp.com/advisory/ntap-20210917-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://www.tenable.com/security/tns-2021-17
| @@ -1292,43 +1292,43 @@ | zip | CVE-2018-13410 | LOW | 3.0-11 | |
Click to expand!http://seclists.org/fulldisclosure/2018/Jul/24
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:21.541Z INFO Detected OS: alpine -2021-12-04T19:18:21.541Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:21.549Z INFO Number of language-specific files: 0 +2021-12-04T19:18:21.541Z INFO Detected OS: alpine +2021-12-04T19:18:21.541Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:21.549Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1356,15 +1356,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:18:23.159Z INFO Detected OS: debian -2021-12-04T19:18:23.159Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:23.189Z INFO Number of language-specific files: 2 -2021-12-04T19:18:23.189Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:18:23.159Z INFO Detected OS: debian +2021-12-04T19:18:23.159Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:23.189Z INFO Number of language-specific files: 2 +2021-12-04T19:18:23.189Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1513,16 +1513,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/leantime/security.md b/charts/incubator/leantime/security.md index 39de497bdc7..f677d57a085 100644 --- a/charts/incubator/leantime/security.md +++ b/charts/incubator/leantime/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:18:20.929Z INFO Detected config files: 2 +2021-12-04T19:18:20.929Z INFO Detected config files: 2 #### leantime/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:22.159Z INFO Detected OS: alpine -2021-12-04T19:18:22.159Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:22.166Z INFO Number of language-specific files: 0 +2021-12-04T19:18:22.159Z INFO Detected OS: alpine +2021-12-04T19:18:22.159Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:22.166Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,14 +70,14 @@ **Container: tccr.io/truecharts/leantime:v2.1.7-ls6@sha256:09f51955b47e8bf7cf8c95b7fa4e023ce2fae4aa15ef42db1568b4c23830b5a6** -2021-12-04T19:18:32.296Z INFO Detected OS: alpine -2021-12-04T19:18:32.296Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:32.310Z INFO Number of language-specific files: 0 +2021-12-04T19:18:32.296Z INFO Detected OS: alpine +2021-12-04T19:18:32.296Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:32.310Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/leantime:v2.1.7-ls6@sha256:09f51955b47e8bf7cf8c95b7fa4e023ce2fae4aa15ef42db1568b4c23830b5a6 (alpine 3.12.3) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-26691 | CRITICAL | 2.4.46-r1 | 2.4.48-r0 |
Click to expand!http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
https://linux.oracle.com/cve/CVE-2021-26691.html
https://linux.oracle.com/errata/ELSA-2021-3816.html
https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -222,14 +222,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:36.295Z INFO Detected OS: alpine -2021-12-04T19:18:36.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:36.299Z INFO Number of language-specific files: 0 +2021-12-04T19:18:36.295Z INFO Detected OS: alpine +2021-12-04T19:18:36.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:36.299Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -257,15 +257,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:18:37.613Z INFO Detected OS: debian -2021-12-04T19:18:37.613Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:37.665Z INFO Number of language-specific files: 2 -2021-12-04T19:18:37.665Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:18:37.613Z INFO Detected OS: debian +2021-12-04T19:18:37.613Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:37.665Z INFO Number of language-specific files: 2 +2021-12-04T19:18:37.665Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -414,16 +414,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/monica/security.md b/charts/incubator/monica/security.md index 81e34444191..2538687b11b 100644 --- a/charts/incubator/monica/security.md +++ b/charts/incubator/monica/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:18:33.269Z INFO Detected config files: 2 +2021-12-04T19:18:33.269Z INFO Detected config files: 2 #### monica/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:36.976Z INFO Detected OS: alpine -2021-12-04T19:18:36.976Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:36.981Z INFO Number of language-specific files: 0 +2021-12-04T19:18:36.976Z INFO Detected OS: alpine +2021-12-04T19:18:36.976Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:36.981Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/monica:v3.5.0@sha256:5f4af565ef3b381c31abc8415d701b7b0019e9986b026cc2dfb263130f5e4214** -2021-12-04T19:18:44.138Z INFO Detected OS: debian -2021-12-04T19:18:44.138Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:44.235Z INFO Number of language-specific files: 1 -2021-12-04T19:18:44.235Z INFO Detecting composer vulnerabilities... +2021-12-04T19:18:44.138Z INFO Detected OS: debian +2021-12-04T19:18:44.138Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:44.235Z INFO Number of language-specific files: 1 +2021-12-04T19:18:44.235Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/monica:v3.5.0@sha256:5f4af565ef3b381c31abc8415d701b7b0019e9986b026cc2dfb263130f5e4214 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -432,7 +432,7 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | doctrine/dbal | CVE-2021-43608 | CRITICAL | 3.1.3 | 3.0.99, 3.1.4 |
Click to expand!https://github.com/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
| @@ -440,14 +440,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:50.823Z INFO Detected OS: alpine -2021-12-04T19:18:50.823Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:50.832Z INFO Number of language-specific files: 0 +2021-12-04T19:18:50.823Z INFO Detected OS: alpine +2021-12-04T19:18:50.823Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:50.832Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -475,15 +475,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:18:52.889Z INFO Detected OS: debian -2021-12-04T19:18:52.889Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:52.938Z INFO Number of language-specific files: 2 -2021-12-04T19:18:52.938Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:18:52.889Z INFO Detected OS: debian +2021-12-04T19:18:52.889Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:52.938Z INFO Number of language-specific files: 2 +2021-12-04T19:18:52.938Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -632,16 +632,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/omada-controller/security.md b/charts/incubator/omada-controller/security.md index 9216b5b4038..1c049ab00b5 100644 --- a/charts/incubator/omada-controller/security.md +++ b/charts/incubator/omada-controller/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:18:45.293Z INFO Detected config files: 1 +2021-12-04T19:18:45.293Z INFO Detected config files: 1 #### omada-controller/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:51.444Z INFO Detected OS: alpine -2021-12-04T19:18:51.444Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:51.452Z INFO Number of language-specific files: 0 +2021-12-04T19:18:51.444Z INFO Detected OS: alpine +2021-12-04T19:18:51.444Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:51.452Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/omada-controller:v4.4@sha256:7c06f9deb40f1fea1968eedf6da8b49192b89d0c4bcaa11f040d95c127141fb3** -2021-12-04T19:19:08.047Z INFO Detected OS: ubuntu -2021-12-04T19:19:08.047Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:19:08.054Z INFO Number of language-specific files: 1 -2021-12-04T19:19:08.054Z INFO Detecting jar vulnerabilities... +2021-12-04T19:19:08.047Z INFO Detected OS: ubuntu +2021-12-04T19:19:08.047Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:19:08.054Z INFO Number of language-specific files: 1 +2021-12-04T19:19:08.054Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/omada-controller:v4.4@sha256:7c06f9deb40f1fea1968eedf6da8b49192b89d0c4bcaa11f040d95c127141fb3 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -177,7 +177,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14379 | CRITICAL | 2.9.8 | 2.7.9.6, 2.8.11.4, 2.9.9.2 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:2824
https://access.redhat.com/errata/RHSA-2019:2743
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:2935
https://access.redhat.com/errata/RHSA-2019:2936
https://access.redhat.com/errata/RHSA-2019:2937
https://access.redhat.com/errata/RHSA-2019:2938
https://access.redhat.com/errata/RHSA-2019:2998
https://access.redhat.com/errata/RHSA-2019:3044
https://access.redhat.com/errata/RHSA-2019:3045
https://access.redhat.com/errata/RHSA-2019:3046
https://access.redhat.com/errata/RHSA-2019:3050
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3200
https://access.redhat.com/errata/RHSA-2019:3292
https://access.redhat.com/errata/RHSA-2019:3297
https://access.redhat.com/errata/RHSA-2019:3901
https://access.redhat.com/errata/RHSA-2020:0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
https://github.com/FasterXML/jackson-databind/issues/2387
https://github.com/advisories/GHSA-6fpp-rgj9-8rwc
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E
https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
https://nvd.nist.gov/vuln/detail/CVE-2019-14379
https://security.netapp.com/advisory/ntap-20190814-0001/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| @@ -271,4 +271,3 @@ | org.eclipse.jetty:jetty-webapp | CVE-2020-27218 | MEDIUM | 9.4.15.v20190215 | 9.4.35.v20201120, 11.0.1 |
Click to expand!https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
https://github.com/advisories/GHSA-86wm-rrjm-8wh8
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1@%3Cdev.hbase.apache.org%3E
https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25@%3Ccommits.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944@%3Ccommits.kafka.apache.org%3E
https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb@%3Ccommits.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88@%3Cdev.hbase.apache.org%3E
https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958@%3Ccommits.hbase.apache.org%3E
https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1@%3Cnotifications.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-27218
https://security.netapp.com/advisory/ntap-20201218-0003/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.hibernate:hibernate-validator | CVE-2020-10693 | MEDIUM | 5.4.3.Final | 6.0.20.Final, 6.1.5.Final, 7.0.0.CR1 |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693
https://github.com/advisories/GHSA-rmrm-75hp-phr2
https://nvd.nist.gov/vuln/detail/CVE-2020-10693
https://www.ibm.com/support/pages/node/6348216
| | org.springframework:spring-webmvc | CVE-2020-5398 | HIGH | 5.1.6.RELEASE | 5.0.16, 5.1.13, 5.2.3 |
Click to expand!https://github.com/advisories/GHSA-8wx2-9q48-vm9r
https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3Ccommits.camel.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-5398
https://pivotal.io/security/cve-2020-5398
https://security.netapp.com/advisory/ntap-20210917-0006/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/incubator/piwigo/security.md b/charts/incubator/piwigo/security.md index 19eab0c4624..892d20d8471 100644 --- a/charts/incubator/piwigo/security.md +++ b/charts/incubator/piwigo/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:19:08.996Z INFO Detected config files: 1 +2021-12-04T19:19:08.996Z INFO Detected config files: 1 #### piwigo/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:13.749Z INFO Detected OS: alpine -2021-12-04T19:19:13.749Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:13.756Z INFO Number of language-specific files: 0 +2021-12-04T19:19:13.749Z INFO Detected OS: alpine +2021-12-04T19:19:13.749Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:13.756Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/piwigo:version-11.5.0@sha256:8f8bb5d28b930edfded154d71dd2eab4ffe5631d2e4f21773bf33b220ab76f05** -2021-12-04T19:19:24.622Z INFO Number of language-specific files: 0 +2021-12-04T19:19:24.622Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/incubator/snipe-it/security.md b/charts/incubator/snipe-it/security.md index 13cd50b4b3d..ddff880b3b2 100644 --- a/charts/incubator/snipe-it/security.md +++ b/charts/incubator/snipe-it/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:19:30.498Z INFO Detected config files: 2 +2021-12-04T19:19:30.498Z INFO Detected config files: 2 #### snipe-it/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:31.343Z INFO Detected OS: alpine -2021-12-04T19:19:31.343Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:31.351Z INFO Number of language-specific files: 0 +2021-12-04T19:19:31.343Z INFO Detected OS: alpine +2021-12-04T19:19:31.343Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:31.351Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,27 +70,27 @@ **Container: tccr.io/truecharts/snipe-it:v5.3.3@sha256:e4e26d777996c34fba581dcb26f05843ece36797f032a01df7fed1f1e32898cb** -2021-12-04T19:19:37.435Z INFO Number of language-specific files: 1 -2021-12-04T19:19:37.435Z INFO Detecting composer vulnerabilities... +2021-12-04T19:19:37.435Z INFO Number of language-specific files: 1 +2021-12-04T19:19:37.435Z INFO Detecting composer vulnerabilities... #### var/www/html/composer.lock - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | lcobucci/jwt | CVE-2021-41106 | LOW | 3.4.5 | 3.4.6, 4.0.4, 4.1.5 |
Click to expand!https://github.com/advisories/GHSA-7322-jrq4-x5hf
https://github.com/lcobucci/jwt/commit/8175de5b841fbe3fd97d2d49b3fc15c4ecb39a73
https://github.com/lcobucci/jwt/commit/c45bb8b961a8e742d8f6b88ef5ff1bd5cca5d01c
https://github.com/lcobucci/jwt/security/advisories/GHSA-7322-jrq4-x5hf
https://nvd.nist.gov/vuln/detail/CVE-2021-41106
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:38.343Z INFO Detected OS: alpine -2021-12-04T19:19:38.344Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:38.349Z INFO Number of language-specific files: 0 +2021-12-04T19:19:38.343Z INFO Detected OS: alpine +2021-12-04T19:19:38.344Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:38.349Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -118,15 +118,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:19:39.171Z INFO Detected OS: debian -2021-12-04T19:19:39.171Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:19:39.212Z INFO Number of language-specific files: 2 -2021-12-04T19:19:39.212Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:19:39.171Z INFO Detected OS: debian +2021-12-04T19:19:39.171Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:19:39.212Z INFO Number of language-specific files: 2 +2021-12-04T19:19:39.212Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,16 +275,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/incubator/tdarr-node/security.md b/charts/incubator/tdarr-node/security.md index 5df0e39e854..8fa2b148477 100644 --- a/charts/incubator/tdarr-node/security.md +++ b/charts/incubator/tdarr-node/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:19:43.512Z INFO Detected config files: 1 +2021-12-04T19:19:43.512Z INFO Detected config files: 1 #### tdarr-node/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:44.568Z INFO Detected OS: alpine -2021-12-04T19:19:44.568Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:44.580Z INFO Number of language-specific files: 0 +2021-12-04T19:19:44.568Z INFO Detected OS: alpine +2021-12-04T19:19:44.568Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:44.580Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/tdarr_node:v2.00.11@sha256:f4ff41e5a09ea97bb468bb584e44c0f7d869a989404aa6a7618db1e040ccb31e** -2021-12-04T19:20:12.452Z INFO Detected OS: ubuntu -2021-12-04T19:20:12.452Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:20:12.463Z INFO Number of language-specific files: 0 +2021-12-04T19:20:12.452Z INFO Detected OS: ubuntu +2021-12-04T19:20:12.452Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:20:12.463Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/tdarr_node:v2.00.11@sha256:f4ff41e5a09ea97bb468bb584e44c0f7d869a989404aa6a7618db1e040ccb31e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -314,4 +314,3 @@ | systemd-timesyncd | CVE-2020-13529 | LOW | 245.4-4ubuntu3.3 | 245.4-4ubuntu3.10 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| | tar | CVE-2019-9923 | LOW | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| - diff --git a/charts/incubator/tdarr/security.md b/charts/incubator/tdarr/security.md index 7ca62d46ae9..17951e7746a 100644 --- a/charts/incubator/tdarr/security.md +++ b/charts/incubator/tdarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:20:13.433Z INFO Detected config files: 1 +2021-12-04T19:20:13.433Z INFO Detected config files: 1 #### tdarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:14.420Z INFO Detected OS: alpine -2021-12-04T19:20:14.420Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:14.428Z INFO Number of language-specific files: 0 +2021-12-04T19:20:14.420Z INFO Detected OS: alpine +2021-12-04T19:20:14.420Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:14.428Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/tdarr:v2.00.11@sha256:6fdd803b7a48519691ae1b18bf0700cf287fd8773557a0d6d0d16c782528ae18** -2021-12-04T19:20:31.295Z INFO Detected OS: ubuntu -2021-12-04T19:20:31.295Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:20:31.299Z INFO Number of language-specific files: 0 +2021-12-04T19:20:31.295Z INFO Detected OS: ubuntu +2021-12-04T19:20:31.295Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:20:31.299Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/tdarr:v2.00.11@sha256:6fdd803b7a48519691ae1b18bf0700cf287fd8773557a0d6d0d16c782528ae18 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -314,4 +314,3 @@ | systemd-timesyncd | CVE-2020-13529 | LOW | 245.4-4ubuntu3.3 | 245.4-4ubuntu3.10 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| | tar | CVE-2019-9923 | LOW | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| - diff --git a/charts/incubator/xbackbone/security.md b/charts/incubator/xbackbone/security.md index e14aba3f726..8536ea2e0f9 100644 --- a/charts/incubator/xbackbone/security.md +++ b/charts/incubator/xbackbone/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:20:32.170Z INFO Detected config files: 2 +2021-12-04T19:20:32.170Z INFO Detected config files: 2 #### xbackbone/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:33.875Z INFO Detected OS: alpine -2021-12-04T19:20:33.875Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:33.882Z INFO Number of language-specific files: 0 +2021-12-04T19:20:33.875Z INFO Detected OS: alpine +2021-12-04T19:20:33.875Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:33.882Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,17 +70,17 @@ **Container: tccr.io/truecharts/xbackbone:v3.3.3@sha256:c22e8806732b5a63a9761d413f4dd3a39af9427a12818e8ff769094ebc141c99** -2021-12-04T19:20:43.175Z INFO Detected OS: alpine -2021-12-04T19:20:43.175Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:43.239Z INFO Number of language-specific files: 1 -2021-12-04T19:20:43.239Z INFO Detecting composer vulnerabilities... -2021-12-04T19:20:43.240Z WARN This OS version is no longer supported by the distribution: alpine 3.9.5 -2021-12-04T19:20:43.240Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:20:43.175Z INFO Detected OS: alpine +2021-12-04T19:20:43.175Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:43.239Z INFO Number of language-specific files: 1 +2021-12-04T19:20:43.239Z INFO Detecting composer vulnerabilities... +2021-12-04T19:20:43.240Z WARN This OS version is no longer supported by the distribution: alpine 3.9.5 +2021-12-04T19:20:43.240Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/xbackbone:v3.3.3@sha256:c22e8806732b5a63a9761d413f4dd3a39af9427a12818e8ff769094ebc141c99 (alpine 3.9.5) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | cups-libs | CVE-2020-3898 | HIGH | 2.2.12-r0 | 2.2.12-r1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898
https://linux.oracle.com/cve/CVE-2020-3898.html
https://linux.oracle.com/errata/ELSA-2020-4469.html
https://support.apple.com/en-us/HT211100
https://support.apple.com/kb/HT211100
https://ubuntu.com/security/notices/USN-4340-1
| @@ -442,21 +442,21 @@ | sqlite-libs | CVE-2020-11655 | HIGH | 3.28.0-r2 | 3.28.0-r3 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655
https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
https://security.gentoo.org/glsa/202007-26
https://security.netapp.com/advisory/ntap-20200416-0001/
https://ubuntu.com/security/notices/USN-4394-1
https://usn.ubuntu.com/4394-1/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | league/flysystem | CVE-2021-32708 | HIGH | 1.0.70 | 1.1.4, 2.1.1 |
Click to expand!https://github.com/advisories/GHSA-9f46-5r25-5wfm
https://github.com/thephpleague/flysystem/commit/a3c694de9f7e844b76f9d1b61296ebf6e8d89d74
https://github.com/thephpleague/flysystem/commit/f3ad69181b8afed2c9edf7be5a2918144ff4ea32
https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ/
https://nvd.nist.gov/vuln/detail/CVE-2021-32708
https://packagist.org/packages/league/flysystem
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:59.051Z INFO Detected OS: alpine -2021-12-04T19:20:59.051Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:59.069Z INFO Number of language-specific files: 0 +2021-12-04T19:20:59.051Z INFO Detected OS: alpine +2021-12-04T19:20:59.051Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:59.069Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -484,15 +484,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:21:00.409Z INFO Detected OS: debian -2021-12-04T19:21:00.409Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:21:00.448Z INFO Number of language-specific files: 2 -2021-12-04T19:21:00.448Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:21:00.409Z INFO Detected OS: debian +2021-12-04T19:21:00.409Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:21:00.448Z INFO Number of language-specific files: 2 +2021-12-04T19:21:00.448Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -641,16 +641,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/airsonic/security.md b/charts/stable/airsonic/security.md index b6b020ba61f..1c5d5e45c19 100644 --- a/charts/stable/airsonic/security.md +++ b/charts/stable/airsonic/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:20:32.747Z INFO Detected config files: 1 +2021-12-04T19:20:32.747Z INFO Detected config files: 1 #### airsonic/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:35.271Z INFO Detected OS: alpine -2021-12-04T19:20:35.271Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:35.275Z INFO Number of language-specific files: 0 +2021-12-04T19:20:35.271Z INFO Detected OS: alpine +2021-12-04T19:20:35.271Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:35.275Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/airsonic:version-v10.6.2@sha256:f0065aa44fb1c38b7fc30d34e220138dc0a0c6477b78eb7f59015622c2052030** -2021-12-04T19:20:57.872Z INFO Detected OS: ubuntu -2021-12-04T19:20:57.872Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:20:57.882Z INFO Number of language-specific files: 1 -2021-12-04T19:20:57.882Z INFO Detecting jar vulnerabilities... +2021-12-04T19:20:57.872Z INFO Detected OS: ubuntu +2021-12-04T19:20:57.872Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:20:57.882Z INFO Number of language-specific files: 1 +2021-12-04T19:20:57.882Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/airsonic:version-v10.6.2@sha256:f0065aa44fb1c38b7fc30d34e220138dc0a0c6477b78eb7f59015622c2052030 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -675,7 +675,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ch.qos.logback:logback-classic | CVE-2017-5929 | CRITICAL | 1.1.11 | 1.2.0 |
Click to expand!http://www.cvedetails.com/cve/CVE-2017-5929/
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2018:2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
https://logback.qos.ch/news.html
https://nvd.nist.gov/vuln/detail/CVE-2017-5929
| @@ -703,4 +703,3 @@ | org.springframework.security:spring-security-core | CVE-2020-5408 | MEDIUM | 4.2.13.RELEASE | 4.2.16.RELEASE, 5.0.16.RELEASE, 5.1.10.RELEASE, 5.2.4.RELEASE, 5.3.2.RELEASE |
Click to expand!https://github.com/advisories/GHSA-2ppp-9496-p23q
https://nvd.nist.gov/vuln/detail/CVE-2020-5408
https://tanzu.vmware.com/security/cve-2020-5408
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| | org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 4.2.13.RELEASE | 5.3.8, 5.4.4, 5.2.9 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/7
https://github.com/advisories/GHSA-gq28-h5vg-8prx
https://github.com/spring-projects/spring-security/releases/tag/5.4.4
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
https://tanzu.vmware.com/security/cve-2021-22112
https://www.jenkins.io/security/advisory/2021-02-19/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.17 | 1.26 |
Click to expand!https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack
https://bitbucket.org/asomov/snakeyaml/wiki/Changes
https://github.com/advisories/GHSA-rvwf-54qp-4r6v
https://linux.oracle.com/cve/CVE-2017-18640.html
https://linux.oracle.com/errata/ELSA-2020-4807.html
https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/charts/stable/amcrest2mqtt/security.md b/charts/stable/amcrest2mqtt/security.md index 3b8a4bc61b0..080e87e449a 100644 --- a/charts/stable/amcrest2mqtt/security.md +++ b/charts/stable/amcrest2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:20:58.430Z INFO Detected config files: 1 +2021-12-04T19:20:58.430Z INFO Detected config files: 1 #### amcrest2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:59.709Z INFO Detected OS: alpine -2021-12-04T19:20:59.709Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:59.715Z INFO Number of language-specific files: 0 +2021-12-04T19:20:59.709Z INFO Detected OS: alpine +2021-12-04T19:20:59.709Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:59.715Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/amcrest2mqtt:v1.0.11@sha256:8721ad99bcd3392b206c71720718f8e56e58188ecae5076b75c71a46cf1239fc** -2021-12-04T19:21:02.759Z INFO Detected OS: alpine -2021-12-04T19:21:02.759Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:21:02.763Z INFO Number of language-specific files: 1 -2021-12-04T19:21:02.763Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:21:02.759Z INFO Detected OS: alpine +2021-12-04T19:21:02.759Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:21:02.763Z INFO Number of language-specific files: 1 +2021-12-04T19:21:02.763Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/amcrest2mqtt:v1.0.11@sha256:8721ad99bcd3392b206c71720718f8e56e58188ecae5076b75c71a46cf1239fc (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -97,9 +97,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/apache-musicindex/security.md b/charts/stable/apache-musicindex/security.md index f291f1be0ba..77349e3984a 100644 --- a/charts/stable/apache-musicindex/security.md +++ b/charts/stable/apache-musicindex/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:21:03.543Z INFO Detected config files: 1 +2021-12-04T19:21:03.543Z INFO Detected config files: 1 #### apache-musicindex/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:21:04.419Z INFO Detected OS: alpine -2021-12-04T19:21:04.419Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:21:04.423Z INFO Number of language-specific files: 0 +2021-12-04T19:21:04.419Z INFO Detected OS: alpine +2021-12-04T19:21:04.419Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:21:04.423Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/apache-musicindex:v1.4.1-2@sha256:442d1edfbf89b8a2a42c0d649f53f091c39256c65f922078ad38ff60bdbdadf9** -2021-12-04T19:21:13.410Z INFO Detected OS: ubuntu -2021-12-04T19:21:13.410Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:21:13.420Z INFO Number of language-specific files: 1 -2021-12-04T19:21:13.421Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:21:13.410Z INFO Detected OS: ubuntu +2021-12-04T19:21:13.410Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:21:13.420Z INFO Number of language-specific files: 1 +2021-12-04T19:21:13.421Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/apache-musicindex:v1.4.1-2@sha256:442d1edfbf89b8a2a42c0d649f53f091c39256c65f922078ad38ff60bdbdadf9 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2019-17567 | MEDIUM | 2.4.41-4ubuntu3.3 | |
Click to expand!http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -267,8 +267,7 @@ | perl-modules-5.30 | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/appdaemon/security.md b/charts/stable/appdaemon/security.md index f619dd73ab9..8c44517d58b 100644 --- a/charts/stable/appdaemon/security.md +++ b/charts/stable/appdaemon/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:21:44.334Z INFO Detected config files: 1 +2021-12-04T19:21:44.334Z INFO Detected config files: 1 #### appdaemon/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:21:45.369Z INFO Detected OS: alpine -2021-12-04T19:21:45.369Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:21:45.378Z INFO Number of language-specific files: 0 +2021-12-04T19:21:45.369Z INFO Detected OS: alpine +2021-12-04T19:21:45.369Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:21:45.378Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/appdaemon:v4.1.0@sha256:f490c318750595459824cb9355b95c8cdab768271288477454b212a8a93499a6** -2021-12-04T19:22:07.262Z INFO Detected OS: alpine -2021-12-04T19:22:07.262Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:07.266Z INFO Number of language-specific files: 4 -2021-12-04T19:22:07.266Z INFO Detecting cargo vulnerabilities... -2021-12-04T19:22:07.266Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:22:07.269Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 +2021-12-04T19:22:07.262Z INFO Detected OS: alpine +2021-12-04T19:22:07.262Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:07.266Z INFO Number of language-specific files: 4 +2021-12-04T19:22:07.266Z INFO Detecting cargo vulnerabilities... +2021-12-04T19:22:07.266Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:22:07.269Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 #### tccr.io/truecharts/appdaemon:v4.1.0@sha256:f490c318750595459824cb9355b95c8cdab768271288477454b212a8a93499a6 (alpine 3.14.1) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -111,29 +111,26 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | aiohttp | pyup.io-42692 | UNKNOWN | 3.7.4.post0 | 3.8.0 |
Click to expand!
| **cargo** - + | No Vulnerabilities found | |:---------------------------------| - + **cargo** - + | No Vulnerabilities found | |:---------------------------------| - + **cargo** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/aria2/security.md b/charts/stable/aria2/security.md index ba05f2ed8ec..e97c70448e5 100644 --- a/charts/stable/aria2/security.md +++ b/charts/stable/aria2/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:22:11.653Z INFO Detected config files: 1 +2021-12-04T19:22:11.653Z INFO Detected config files: 1 #### aria2/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:16.626Z INFO Detected OS: alpine -2021-12-04T19:22:16.626Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:16.636Z INFO Number of language-specific files: 0 +2021-12-04T19:22:16.626Z INFO Detected OS: alpine +2021-12-04T19:22:16.626Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:16.636Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/aria2-pro:latest@sha256:6c0ddcc7be4da69ac146ff3153df727a5818f733636a1c4d9b78ccffd6106a23** -2021-12-04T19:22:47.545Z INFO Detected OS: alpine -2021-12-04T19:22:47.545Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:47.554Z INFO Number of language-specific files: 0 +2021-12-04T19:22:47.545Z INFO Detected OS: alpine +2021-12-04T19:22:47.545Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:47.554Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/aria2-pro:latest@sha256:6c0ddcc7be4da69ac146ff3153df727a5818f733636a1c4d9b78ccffd6106a23 (alpine 3.12.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-28831 | HIGH | 1.31.1-r20 | 1.32.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| @@ -103,4 +103,3 @@ | ssl_client | CVE-2021-42385 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| - diff --git a/charts/stable/audacity/security.md b/charts/stable/audacity/security.md index 821183e7f7b..d71cffce9cc 100644 --- a/charts/stable/audacity/security.md +++ b/charts/stable/audacity/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:22:08.572Z INFO Detected config files: 1 +2021-12-04T19:22:08.572Z INFO Detected config files: 1 #### audacity/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:16.032Z INFO Detected OS: alpine -2021-12-04T19:22:16.032Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:16.042Z INFO Number of language-specific files: 0 +2021-12-04T19:22:16.032Z INFO Detected OS: alpine +2021-12-04T19:22:16.032Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:16.042Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/audacity:v3.0.2@sha256:a0a829c08c74236b405888f26c4a52251b403db6ca8946895d00505ba1a1ffc7** -2021-12-04T19:22:36.414Z INFO Detected OS: ubuntu -2021-12-04T19:22:36.414Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:22:36.419Z INFO Number of language-specific files: 1 -2021-12-04T19:22:36.419Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:22:36.414Z INFO Detected OS: ubuntu +2021-12-04T19:22:36.414Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:22:36.419Z INFO Number of language-specific files: 1 +2021-12-04T19:22:36.419Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/audacity:v3.0.2@sha256:a0a829c08c74236b405888f26c4a52251b403db6ca8946895d00505ba1a1ffc7 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -440,7 +440,7 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -451,4 +451,3 @@ | tar | CVE-2021-37701 | HIGH | 6.1.1 | 6.1.7, 5.0.8, 4.4.16 |
Click to expand!https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 6.1.1 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 6.1.1 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/stable/authelia/security.md b/charts/stable/authelia/security.md index 213a9eb6b93..3fc764712ac 100644 --- a/charts/stable/authelia/security.md +++ b/charts/stable/authelia/security.md @@ -4,30 +4,30 @@ ##### Scan Results -2021-12-04T19:22:08.025Z INFO Detected config files: 3 +2021-12-04T19:22:08.025Z INFO Detected config files: 3 #### authelia/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -45,14 +45,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:11.130Z INFO Detected OS: alpine -2021-12-04T19:22:11.130Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:11.139Z INFO Number of language-specific files: 0 +2021-12-04T19:22:11.130Z INFO Detected OS: alpine +2021-12-04T19:22:11.130Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:11.139Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -80,16 +80,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:22:12.985Z INFO Detected OS: debian -2021-12-04T19:22:12.985Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:13.014Z INFO Number of language-specific files: 2 -2021-12-04T19:22:13.014Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:13.014Z INFO Detecting jar vulnerabilities... +2021-12-04T19:22:12.985Z INFO Detected OS: debian +2021-12-04T19:22:12.985Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:13.014Z INFO Number of language-specific files: 2 +2021-12-04T19:22:13.014Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:13.014Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -284,55 +284,55 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d** -2021-12-04T19:22:39.064Z INFO Detected OS: alpine -2021-12-04T19:22:39.064Z WARN This OS version is not on the EOL list: alpine 3.15 -2021-12-04T19:22:39.064Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:39.065Z INFO Number of language-specific files: 1 -2021-12-04T19:22:39.065Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:39.066Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 -2021-12-04T19:22:39.066Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:22:39.064Z INFO Detected OS: alpine +2021-12-04T19:22:39.064Z WARN This OS version is not on the EOL list: alpine 3.15 +2021-12-04T19:22:39.064Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:39.065Z INFO Number of language-specific files: 1 +2021-12-04T19:22:39.065Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:39.066Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 +2021-12-04T19:22:39.066Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d (alpine 3.15.0) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:40.646Z INFO Detected OS: alpine -2021-12-04T19:22:40.646Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:40.668Z INFO Number of language-specific files: 0 +2021-12-04T19:22:40.646Z INFO Detected OS: alpine +2021-12-04T19:22:40.646Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:40.668Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -360,15 +360,15 @@ **Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** -2021-12-04T19:22:52.900Z INFO Detected OS: debian -2021-12-04T19:22:52.900Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:52.932Z INFO Number of language-specific files: 2 -2021-12-04T19:22:52.932Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:52.900Z INFO Detected OS: debian +2021-12-04T19:22:52.900Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:52.932Z INFO Number of language-specific files: 2 +2021-12-04T19:22:52.932Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -515,29 +515,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:54.651Z INFO Detected OS: alpine -2021-12-04T19:22:54.651Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:54.664Z INFO Number of language-specific files: 0 +2021-12-04T19:22:54.651Z INFO Detected OS: alpine +2021-12-04T19:22:54.651Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:54.664Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -565,16 +565,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:22:56.329Z INFO Detected OS: debian -2021-12-04T19:22:56.329Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:56.362Z INFO Number of language-specific files: 2 -2021-12-04T19:22:56.362Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:56.362Z INFO Detecting jar vulnerabilities... +2021-12-04T19:22:56.329Z INFO Detected OS: debian +2021-12-04T19:22:56.329Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:56.362Z INFO Number of language-specific files: 2 +2021-12-04T19:22:56.362Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:56.362Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -769,16 +769,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/babybuddy/security.md b/charts/stable/babybuddy/security.md index 5f5558f9b2f..facfc72d029 100644 --- a/charts/stable/babybuddy/security.md +++ b/charts/stable/babybuddy/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:22:39.948Z INFO Detected config files: 2 +2021-12-04T19:22:39.948Z INFO Detected config files: 2 #### babybuddy/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:54.039Z INFO Detected OS: alpine -2021-12-04T19:22:54.039Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:54.045Z INFO Number of language-specific files: 0 +2021-12-04T19:22:54.039Z INFO Detected OS: alpine +2021-12-04T19:22:54.039Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:54.045Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:22:55.616Z INFO Detected OS: debian -2021-12-04T19:22:55.616Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:55.658Z INFO Number of language-specific files: 2 -2021-12-04T19:22:55.658Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:55.658Z INFO Detecting jar vulnerabilities... +2021-12-04T19:22:55.616Z INFO Detected OS: debian +2021-12-04T19:22:55.616Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:55.658Z INFO Number of language-specific files: 2 +2021-12-04T19:22:55.658Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:55.658Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,50 +275,50 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/babybuddy:v1.9.1@sha256:da34791df622b4eea3c1bd6c3c585f0e7e229140f6b60802fabed2ffcad238b2** -2021-12-04T19:23:17.867Z INFO Number of language-specific files: 2 -2021-12-04T19:23:17.867Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:23:17.892Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:23:17.867Z INFO Number of language-specific files: 2 +2021-12-04T19:23:17.867Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:23:17.892Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | reportlab | CVE-2020-28463 | MEDIUM | 3.6.2 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1930417
https://github.com/advisories/GHSA-mpvw-25mg-59vx
https://hg.reportlab.com/hg-public/reportlab/file/f094d273903a/CHANGES.md#l71
https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/
https://nvd.nist.gov/vuln/detail/CVE-2020-28463
https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
https://www.reportlab.com/docs/reportlab-userguide.pdf
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:19.420Z INFO Detected OS: alpine -2021-12-04T19:23:19.420Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:19.425Z INFO Number of language-specific files: 0 +2021-12-04T19:23:19.420Z INFO Detected OS: alpine +2021-12-04T19:23:19.420Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:19.425Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -346,16 +346,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:23:20.640Z INFO Detected OS: debian -2021-12-04T19:23:20.640Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:23:20.686Z INFO Number of language-specific files: 2 -2021-12-04T19:23:20.686Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:23:20.686Z INFO Detecting jar vulnerabilities... +2021-12-04T19:23:20.640Z INFO Detected OS: debian +2021-12-04T19:23:20.640Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:23:20.686Z INFO Number of language-specific files: 2 +2021-12-04T19:23:20.686Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:23:20.686Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -550,16 +550,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/bazarr/security.md b/charts/stable/bazarr/security.md index 93135a8e825..f86618d7281 100644 --- a/charts/stable/bazarr/security.md +++ b/charts/stable/bazarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:23:18.527Z INFO Detected config files: 1 +2021-12-04T19:23:18.527Z INFO Detected config files: 1 #### bazarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:19.995Z INFO Detected OS: alpine -2021-12-04T19:23:19.995Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:20.001Z INFO Number of language-specific files: 0 +2021-12-04T19:23:19.995Z INFO Detected OS: alpine +2021-12-04T19:23:19.995Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:20.001Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/bazarr:v1.0.1@sha256:b6d3d33d3f964e4de7563096f07476f9f2c990f2268e1f9814d3281c3181111e** -2021-12-04T19:23:37.001Z INFO Detected OS: ubuntu -2021-12-04T19:23:37.001Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:23:37.005Z INFO Number of language-specific files: 2 -2021-12-04T19:23:37.005Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:23:37.006Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:23:37.001Z INFO Detected OS: ubuntu +2021-12-04T19:23:37.001Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:23:37.005Z INFO Number of language-specific files: 2 +2021-12-04T19:23:37.005Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:23:37.006Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/bazarr:v1.0.1@sha256:b6d3d33d3f964e4de7563096f07476f9f2c990f2268e1f9814d3281c3181111e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -728,15 +728,14 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/beets/security.md b/charts/stable/beets/security.md index 98f279e4e92..3a8a9c8af9c 100644 --- a/charts/stable/beets/security.md +++ b/charts/stable/beets/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:23:37.846Z INFO Detected config files: 1 +2021-12-04T19:23:37.846Z INFO Detected config files: 1 #### beets/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:39.006Z INFO Detected OS: alpine -2021-12-04T19:23:39.006Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:39.013Z INFO Number of language-specific files: 0 +2021-12-04T19:23:39.006Z INFO Detected OS: alpine +2021-12-04T19:23:39.006Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:39.013Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,13 @@ **Container: tccr.io/truecharts/beets:v1.5.0@sha256:031e2eec738848149e808eb102279817aa3fea8e57d012191daf1c471de07703** -2021-12-04T19:23:47.194Z INFO Number of language-specific files: 1 -2021-12-04T19:23:47.194Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:23:47.194Z INFO Number of language-specific files: 1 +2021-12-04T19:23:47.194Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | beets | pyup.io-42892 | UNKNOWN | 1.5.0 | 1.6.0 |
Click to expand!
| - diff --git a/charts/stable/booksonic-air/security.md b/charts/stable/booksonic-air/security.md index 5a7a73add3f..d5eaed58838 100644 --- a/charts/stable/booksonic-air/security.md +++ b/charts/stable/booksonic-air/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:23:47.705Z INFO Detected config files: 1 +2021-12-04T19:23:47.705Z INFO Detected config files: 1 #### booksonic-air/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:48.807Z INFO Detected OS: alpine -2021-12-04T19:23:48.807Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:48.815Z INFO Number of language-specific files: 0 +2021-12-04T19:23:48.807Z INFO Detected OS: alpine +2021-12-04T19:23:48.807Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:48.815Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/booksonic-air:v2009.1.0@sha256:300d9d7d0c343daf7e5964737cfb25fb1dad5cff29ebe45076070e04c924014a** -2021-12-04T19:24:10.473Z INFO Detected OS: ubuntu -2021-12-04T19:24:10.473Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:24:10.501Z INFO Number of language-specific files: 1 -2021-12-04T19:24:10.501Z INFO Detecting jar vulnerabilities... +2021-12-04T19:24:10.473Z INFO Detected OS: ubuntu +2021-12-04T19:24:10.473Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:24:10.501Z INFO Number of language-specific files: 1 +2021-12-04T19:24:10.501Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/booksonic-air:v2009.1.0@sha256:300d9d7d0c343daf7e5964737cfb25fb1dad5cff29ebe45076070e04c924014a (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -676,7 +676,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2020-8908 | LOW | 28.2-jre | 30.0 |
Click to expand!https://github.com/advisories/GHSA-5mg8-w23w-74h3
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -698,4 +698,3 @@ | org.springframework.security:spring-security-core | CVE-2021-22119 | HIGH | 5.2.4.RELEASE | 5.2.11.RELEASE, 5.3.10.RELEASE, 5.4.7, 5.5.1 |
Click to expand!https://github.com/advisories/GHSA-w9jg-gvgr-354m
https://github.com/spring-projects/spring-security/pull/9513
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22119
https://tanzu.vmware.com/security/cve-2021-22119
| | org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 5.2.4.RELEASE | 5.3.8, 5.4.4, 5.2.9 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/7
https://github.com/advisories/GHSA-gq28-h5vg-8prx
https://github.com/spring-projects/spring-security/releases/tag/5.4.4
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
https://tanzu.vmware.com/security/cve-2021-22112
https://www.jenkins.io/security/advisory/2021-02-19/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.25 | 1.26 |
Click to expand!https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack
https://bitbucket.org/asomov/snakeyaml/wiki/Changes
https://github.com/advisories/GHSA-rvwf-54qp-4r6v
https://linux.oracle.com/cve/CVE-2017-18640.html
https://linux.oracle.com/errata/ELSA-2020-4807.html
https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/charts/stable/calibre-web/security.md b/charts/stable/calibre-web/security.md index 9da028a49ea..4bcb5e3eb02 100644 --- a/charts/stable/calibre-web/security.md +++ b/charts/stable/calibre-web/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:24:11.523Z INFO Detected config files: 1 +2021-12-04T19:24:11.523Z INFO Detected config files: 1 #### calibre-web/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:24:12.326Z INFO Detected OS: alpine -2021-12-04T19:24:12.326Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:24:12.333Z INFO Number of language-specific files: 0 +2021-12-04T19:24:12.326Z INFO Detected OS: alpine +2021-12-04T19:24:12.326Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:24:12.333Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/calibre-web:version-0.6.12@sha256:3f54c0f7bec8c635f019d88039b986c5fa8951445daf5016b4cdb1118694c612** -2021-12-04T19:24:32.635Z INFO Detected OS: ubuntu -2021-12-04T19:24:32.635Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:24:32.641Z INFO Number of language-specific files: 1 -2021-12-04T19:24:32.641Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:24:32.635Z INFO Detected OS: ubuntu +2021-12-04T19:24:32.635Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:24:32.641Z INFO Number of language-specific files: 1 +2021-12-04T19:24:32.641Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/calibre-web:version-0.6.12@sha256:3f54c0f7bec8c635f019d88039b986c5fa8951445daf5016b4cdb1118694c612 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -245,11 +245,10 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | SQLAlchemy-Utils | pyup.io-42194 | UNKNOWN | 0.37.8 | |
Click to expand!
| | Werkzeug | pyup.io-42050 | UNKNOWN | 1.0.1 | 2.0.2 |
Click to expand!
| | python-ldap | GHSA-r8wq-qrxc-hmcm | MEDIUM | 3.3.1 | 3.4.0 |
Click to expand!https://github.com/advisories/GHSA-r8wq-qrxc-hmcm
https://github.com/python-ldap/python-ldap/issues/424
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
| | urllib3 | CVE-2021-33503 | HIGH | 1.25.11 | 1.26.5 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
https://nvd.nist.gov/vuln/detail/CVE-2021-33503
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/stable/calibre/security.md b/charts/stable/calibre/security.md index 6cf5c394f11..f8f2f9c0a9a 100644 --- a/charts/stable/calibre/security.md +++ b/charts/stable/calibre/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:24:33.520Z INFO Detected config files: 1 +2021-12-04T19:24:33.520Z INFO Detected config files: 1 #### calibre/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:24:34.364Z INFO Detected OS: alpine -2021-12-04T19:24:34.364Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:24:34.372Z INFO Number of language-specific files: 0 +2021-12-04T19:24:34.364Z INFO Detected OS: alpine +2021-12-04T19:24:34.364Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:24:34.372Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/calibre:v5.32.0-ls138@sha256:a7c6272300628eb747dc129001aef8bc53d9b462ebe6b4953de904a2a5e15c8e** -2021-12-04T19:25:00.213Z INFO Detected OS: ubuntu -2021-12-04T19:25:00.213Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:25:00.222Z INFO Number of language-specific files: 1 -2021-12-04T19:25:00.222Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:25:00.213Z INFO Detected OS: ubuntu +2021-12-04T19:25:00.213Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:25:00.222Z INFO Number of language-specific files: 1 +2021-12-04T19:25:00.222Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/calibre:v5.32.0-ls138@sha256:a7c6272300628eb747dc129001aef8bc53d9b462ebe6b4953de904a2a5e15c8e (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -301,9 +301,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/charts/stable/cloud9/security.md b/charts/stable/cloud9/security.md index 9ddbc221aa4..179c78b21c2 100644 --- a/charts/stable/cloud9/security.md +++ b/charts/stable/cloud9/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:24:35.015Z INFO Detected config files: 1 +2021-12-04T19:24:35.015Z INFO Detected config files: 1 #### cloud9/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:25:01.448Z INFO Detected OS: alpine -2021-12-04T19:25:01.448Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:25:01.454Z INFO Number of language-specific files: 0 +2021-12-04T19:25:01.448Z INFO Detected OS: alpine +2021-12-04T19:25:01.448Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:25:01.454Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/cloud9:version-1.29.2@sha256:4891fa151fe52c43719f0346124f29c81ed47be16cdc34554b8896b0cb80cb73** -2021-12-04T19:25:16.818Z INFO Detected OS: ubuntu -2021-12-04T19:25:16.818Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:25:16.823Z INFO Number of language-specific files: 1 -2021-12-04T19:25:16.823Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:25:16.818Z INFO Detected OS: ubuntu +2021-12-04T19:25:16.818Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:25:16.823Z INFO Number of language-specific files: 1 +2021-12-04T19:25:16.823Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/cloud9:version-1.29.2@sha256:4891fa151fe52c43719f0346124f29c81ed47be16cdc34554b8896b0cb80cb73 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -202,7 +202,7 @@ | perl-modules-5.26 | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bl | CVE-2020-8244 | MEDIUM | 1.1.2 | 2.2.1, 1.2.3, 4.0.3, 3.0.1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244
https://github.com/advisories/GHSA-pp7h-53gx-mx7r
https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e
https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466
https://hackerone.com/reports/966347
https://nvd.nist.gov/vuln/detail/CVE-2020-8244
https://ubuntu.com/security/notices/USN-5098-1
| @@ -313,4 +313,3 @@ | ws | NSWG-ECO-120 | HIGH | 1.0.1 | >=1.1.1 |
Click to expand!https://github.com/nodejs/node/issues/7388
| | xmlhttprequest-ssl | CVE-2021-31597 | CRITICAL | 1.5.1 | 1.6.1 |
Click to expand!https://github.com/advisories/GHSA-72mh-269x-7mh5
https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-31597
https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt
https://security.netapp.com/advisory/ntap-20210618-0004/
| | xmlhttprequest-ssl | CVE-2020-28502 | HIGH | 1.5.1 | 1.6.2 |
Click to expand!https://github.com/advisories/GHSA-h4j5-c7cj-74xg
https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js#L480
https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480
https://github.com/driverdan/node-XMLHttpRequest/commit/983cfc244c7567ad6a59e366e55a8037e0497fe6
https://github.com/mjwwit/node-XMLHttpRequest/blob/ae38832a0f1347c5e96dda665402509a3458e302/lib/XMLHttpRequest.js#L531
https://github.com/mjwwit/node-XMLHttpRequest/commit/ee1e81fc67729c7c0eba5537ed7fe1e30a6b3291
https://nvd.nist.gov/vuln/detail/CVE-2020-28502
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938
https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
| - diff --git a/charts/stable/code-server/security.md b/charts/stable/code-server/security.md index 88579823468..78d55277c61 100644 --- a/charts/stable/code-server/security.md +++ b/charts/stable/code-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:25:00.723Z INFO Detected config files: 1 +2021-12-04T19:25:00.723Z INFO Detected config files: 1 #### code-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:25:02.061Z INFO Detected OS: alpine -2021-12-04T19:25:02.062Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:25:02.085Z INFO Number of language-specific files: 0 +2021-12-04T19:25:02.061Z INFO Detected OS: alpine +2021-12-04T19:25:02.062Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:25:02.085Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/code-server:v3.12.0@sha256:2853a8bdd8eed9c09bcd4b100b9d4be20c42a307b9d1cbae1a204276e948f9ce** -2021-12-04T19:25:36.140Z INFO Detected OS: debian -2021-12-04T19:25:36.140Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:25:36.206Z INFO Number of language-specific files: 1 -2021-12-04T19:25:36.206Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:25:36.140Z INFO Detected OS: debian +2021-12-04T19:25:36.140Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:25:36.206Z INFO Number of language-specific files: 1 +2021-12-04T19:25:36.206Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/code-server:v3.12.0@sha256:2853a8bdd8eed9c09bcd4b100b9d4be20c42a307b9d1cbae1a204276e948f9ce (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,10 +275,9 @@ | xxd | CVE-2017-1000382 | LOW | 2:8.2.2434-3 | |
Click to expand!http://security.cucumberlinux.com/security/details.php?id=120
http://www.openwall.com/lists/oss-security/2017/10/31/1
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.1 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| | gopkg.in/yaml.v2 | GMS-2019-2 | UNKNOWN | v2.2.1 | v2.2.3 |
Click to expand!https://github.com/docker/cli/pull/2117
| | gopkg.in/yaml.v2 | GO-2021-0061 | UNKNOWN | v2.2.1 | v2.2.3 |
Click to expand!
| - diff --git a/charts/stable/collabora-online/security.md b/charts/stable/collabora-online/security.md index 0cd051bb2e3..7fed3e1558b 100644 --- a/charts/stable/collabora-online/security.md +++ b/charts/stable/collabora-online/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:25:17.415Z INFO Detected config files: 1 +2021-12-04T19:25:17.415Z INFO Detected config files: 1 #### collabora-online/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:25:37.694Z INFO Detected OS: alpine -2021-12-04T19:25:37.694Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:25:37.711Z INFO Number of language-specific files: 0 +2021-12-04T19:25:37.694Z INFO Detected OS: alpine +2021-12-04T19:25:37.694Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:25:37.711Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/collabora:v6.4.14.3@sha256:d4a55425927736cb167a8df37ba6f2a60c0e3e0bacc0ee2496ecb5e535176f60** -2021-12-04T19:26:07.419Z INFO Detected OS: ubuntu -2021-12-04T19:26:07.419Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:26:07.425Z INFO Number of language-specific files: 0 +2021-12-04T19:26:07.419Z INFO Detected OS: ubuntu +2021-12-04T19:26:07.419Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:26:07.425Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/collabora:v6.4.14.3@sha256:d4a55425927736cb167a8df37ba6f2a60c0e3e0bacc0ee2496ecb5e535176f60 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -209,4 +209,3 @@ | python3.6-minimal | CVE-2021-23336 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | python3.6-minimal | CVE-2021-3426 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-1ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/charts/stable/cryptofolio/security.md b/charts/stable/cryptofolio/security.md index 34bb4f84b5e..bb168cb828a 100644 --- a/charts/stable/cryptofolio/security.md +++ b/charts/stable/cryptofolio/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:17.147Z INFO Detected config files: 1 +2021-12-04T19:26:17.147Z INFO Detected config files: 1 #### cryptofolio/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:27.914Z INFO Detected OS: alpine -2021-12-04T19:26:27.914Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:27.923Z INFO Number of language-specific files: 0 +2021-12-04T19:26:27.914Z INFO Detected OS: alpine +2021-12-04T19:26:27.914Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:27.923Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/cryptofolio:v2.2.0@sha256:e77706dd4748dbdf2665cb53434802a3c2ef85f3d9b1ca809f2615b15758f3d0** -2021-12-04T19:26:40.959Z INFO Detected OS: debian -2021-12-04T19:26:40.959Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:26:41.060Z INFO Number of language-specific files: 0 +2021-12-04T19:26:40.959Z INFO Detected OS: debian +2021-12-04T19:26:40.959Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:26:41.060Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/cryptofolio:v2.2.0@sha256:e77706dd4748dbdf2665cb53434802a3c2ef85f3d9b1ca809f2615b15758f3d0 (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-39275 | CRITICAL | 2.4.48-3.1+deb11u1 | 2.4.51-1~deb11u1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.netapp.com/advisory/ntap-20211008-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://ubuntu.com/security/notices/USN-5090-2
https://www.debian.org/security/2021/dsa-4982
| @@ -450,4 +450,3 @@ | perl-modules-5.32 | CVE-2011-4116 | LOW | 5.32.1-4+deb11u1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238
| | re2c | CVE-2018-21232 | LOW | 2.0.3-1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2020/05/14/4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21232
https://github.com/skvadrik/re2c/issues/219
https://www.openwall.com/lists/oss-security/2020/04/27/2
| | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| - diff --git a/charts/stable/custom-app/security.md b/charts/stable/custom-app/security.md index 67084e6e68f..4e36efff945 100644 --- a/charts/stable/custom-app/security.md +++ b/charts/stable/custom-app/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:08.209Z INFO Detected config files: 1 +2021-12-04T19:26:08.209Z INFO Detected config files: 1 #### custom-app/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:09.405Z INFO Detected OS: alpine -2021-12-04T19:26:09.405Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:09.411Z INFO Number of language-specific files: 0 +2021-12-04T19:26:09.405Z INFO Detected OS: alpine +2021-12-04T19:26:09.405Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:09.411Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** -2021-12-04T19:26:26.812Z INFO Detected OS: ubuntu -2021-12-04T19:26:26.812Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:26:26.815Z INFO Number of language-specific files: 1 -2021-12-04T19:26:26.815Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:26:26.812Z INFO Detected OS: ubuntu +2021-12-04T19:26:26.812Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:26:26.815Z INFO Number of language-specific files: 1 +2021-12-04T19:26:26.815Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,8 +150,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/davos/security.md b/charts/stable/davos/security.md index 5f944549ab4..8ab6fd80ad8 100644 --- a/charts/stable/davos/security.md +++ b/charts/stable/davos/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:07.812Z INFO Detected config files: 1 +2021-12-04T19:26:07.812Z INFO Detected config files: 1 #### davos/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:08.804Z INFO Detected OS: alpine -2021-12-04T19:26:08.804Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:08.808Z INFO Number of language-specific files: 0 +2021-12-04T19:26:08.804Z INFO Detected OS: alpine +2021-12-04T19:26:08.804Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:08.808Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/davos:v2.2.1-ls76@sha256:f9359583fb20278b436e7b018ee244f2cce1480d6834775f19e9da3503dd0e9b** -2021-12-04T19:26:16.486Z INFO Number of language-specific files: 1 -2021-12-04T19:26:16.486Z INFO Detecting jar vulnerabilities... +2021-12-04T19:26:16.486Z INFO Number of language-specific files: 1 +2021-12-04T19:26:16.486Z INFO Detecting jar vulnerabilities... #### Java - + **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2017-15095 | CRITICAL | 2.8.4 | 2.7.9.2, 2.8.10, 2.9.1 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103880
http://www.securitytracker.com/id/1039769
https://access.redhat.com/errata/RHSA-2017:3189
https://access.redhat.com/errata/RHSA-2017:3190
https://access.redhat.com/errata/RHSA-2018:0342
https://access.redhat.com/errata/RHSA-2018:0478
https://access.redhat.com/errata/RHSA-2018:0479
https://access.redhat.com/errata/RHSA-2018:0480
https://access.redhat.com/errata/RHSA-2018:0481
https://access.redhat.com/errata/RHSA-2018:0576
https://access.redhat.com/errata/RHSA-2018:0577
https://access.redhat.com/errata/RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/solutions/3442891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
https://github.com/FasterXML/jackson-databind/commit/3bfbb835
https://github.com/FasterXML/jackson-databind/commit/ddfddfba
https://github.com/FasterXML/jackson-databind/commit/e8f043d1
https://github.com/FasterXML/jackson-databind/issues/1680
https://github.com/FasterXML/jackson-databind/issues/1723
https://github.com/FasterXML/jackson-databind/issues/1737
https://github.com/advisories/GHSA-h592-38cm-4ggp
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
https://nvd.nist.gov/vuln/detail/CVE-2017-15095
https://security.netapp.com/advisory/ntap-20171214-0003/
https://ubuntu.com/security/notices/USN-4741-1
https://www.debian.org/security/2017/dsa-4037
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| @@ -166,4 +166,3 @@ | org.springframework:spring-core | CVE-2018-1257 | MEDIUM | 4.3.4.RELEASE | 4.3.17, 5.0.6 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104260
https://access.redhat.com/errata/RHSA-2018:1809
https://access.redhat.com/errata/RHSA-2018:3768
https://github.com/advisories/GHSA-rcpf-vj53-7h2m
https://nvd.nist.gov/vuln/detail/CVE-2018-1257
https://pivotal.io/security/cve-2018-1257
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| | org.springframework:spring-core | CVE-2018-1271 | MEDIUM | 4.3.4.RELEASE | 4.3.15, 5.0.5 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103699
https://access.redhat.com/errata/RHSA-2018:1320
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2939
https://github.com/advisories/GHSA-g8hw-794c-4j9g
https://nvd.nist.gov/vuln/detail/CVE-2018-1271
https://pivotal.io/security/cve-2018-1271
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.17 | 1.26 |
Click to expand!https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack
https://bitbucket.org/asomov/snakeyaml/wiki/Changes
https://github.com/advisories/GHSA-rvwf-54qp-4r6v
https://linux.oracle.com/cve/CVE-2017-18640.html
https://linux.oracle.com/errata/ELSA-2020-4807.html
https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/charts/stable/deconz/security.md b/charts/stable/deconz/security.md index da9cf09ede3..f14e4087cd5 100644 --- a/charts/stable/deconz/security.md +++ b/charts/stable/deconz/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:42.147Z INFO Detected config files: 1 +2021-12-04T19:26:42.147Z INFO Detected config files: 1 #### deconz/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:43.389Z INFO Detected OS: alpine -2021-12-04T19:26:43.389Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:43.397Z INFO Number of language-specific files: 0 +2021-12-04T19:26:43.389Z INFO Detected OS: alpine +2021-12-04T19:26:43.389Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:43.397Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/deconz:v2.13.01@sha256:92a7a439e6010e21265fa5beaa47b0172bc6b6682f4e2d26bcd43c772ff7ddbd** -2021-12-04T19:27:03.015Z INFO Detected OS: debian -2021-12-04T19:27:03.015Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:27:03.109Z INFO Number of language-specific files: 0 +2021-12-04T19:27:03.015Z INFO Detected OS: debian +2021-12-04T19:27:03.015Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:27:03.109Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/deconz:v2.13.01@sha256:92a7a439e6010e21265fa5beaa47b0172bc6b6682f4e2d26bcd43c772ff7ddbd (debian 10.9) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -655,4 +655,3 @@ | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/charts/stable/deepstack-cpu/security.md b/charts/stable/deepstack-cpu/security.md index 49caf832f86..75cc73480c5 100644 --- a/charts/stable/deepstack-cpu/security.md +++ b/charts/stable/deepstack-cpu/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:04.022Z INFO Detected config files: 1 +2021-12-04T19:27:04.022Z INFO Detected config files: 1 #### deepstack-cpu/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:04.878Z INFO Detected OS: alpine -2021-12-04T19:27:04.878Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:04.884Z INFO Number of language-specific files: 0 +2021-12-04T19:27:04.878Z INFO Detected OS: alpine +2021-12-04T19:27:04.878Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:04.884Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/deepstack-cpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28** -2021-12-04T19:27:50.566Z INFO Detected OS: debian -2021-12-04T19:27:50.566Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:27:50.723Z INFO Number of language-specific files: 2 -2021-12-04T19:27:50.723Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:27:50.724Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:27:50.566Z INFO Detected OS: debian +2021-12-04T19:27:50.566Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:27:50.723Z INFO Number of language-specific files: 2 +2021-12-04T19:27:50.723Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:27:50.724Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/deepstack-cpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28 (debian 10.6) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.8.2.1 | 1.8.2.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -3000,7 +3000,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 8.0.1 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -3034,9 +3034,8 @@ | urllib3 | CVE-2021-28363 | MEDIUM | 1.26.2 | 1.26.4 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/charts/stable/deepstack-gpu/security.md b/charts/stable/deepstack-gpu/security.md index d2762e89b6b..863939d8c36 100644 --- a/charts/stable/deepstack-gpu/security.md +++ b/charts/stable/deepstack-gpu/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:52.343Z INFO Detected config files: 1 +2021-12-04T19:27:52.343Z INFO Detected config files: 1 #### deepstack-gpu/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:58.702Z INFO Detected OS: alpine -2021-12-04T19:27:58.702Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:58.711Z INFO Number of language-specific files: 0 +2021-12-04T19:27:58.702Z INFO Detected OS: alpine +2021-12-04T19:27:58.702Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:58.711Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/deepstack-gpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28** -2021-12-04T19:28:22.371Z INFO Detected OS: debian -2021-12-04T19:28:22.374Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:28:22.845Z INFO Number of language-specific files: 2 -2021-12-04T19:28:22.845Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:28:22.846Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:28:22.371Z INFO Detected OS: debian +2021-12-04T19:28:22.374Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:28:22.845Z INFO Number of language-specific files: 2 +2021-12-04T19:28:22.845Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:28:22.846Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/deepstack-gpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28 (debian 10.6) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.8.2.1 | 1.8.2.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -3000,7 +3000,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 8.0.1 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -3034,9 +3034,8 @@ | urllib3 | CVE-2021-28363 | MEDIUM | 1.26.2 | 1.26.4 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/charts/stable/deluge/security.md b/charts/stable/deluge/security.md index a4243a44f47..d99934a1117 100644 --- a/charts/stable/deluge/security.md +++ b/charts/stable/deluge/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:51.912Z INFO Detected config files: 1 +2021-12-04T19:27:51.912Z INFO Detected config files: 1 #### deluge/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:52.943Z INFO Detected OS: alpine -2021-12-04T19:27:52.943Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:52.947Z INFO Number of language-specific files: 0 +2021-12-04T19:27:52.943Z INFO Detected OS: alpine +2021-12-04T19:27:52.943Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:52.947Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/deluge:version-2.0.3-2201906121747ubuntu18.04.1@sha256:ef71fa2986593ad6fe3d2c3f277f0340c28c0fbcdc8b91c3505b83be71784f08** -2021-12-04T19:27:57.150Z INFO Detected OS: ubuntu -2021-12-04T19:27:57.150Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:27:57.156Z INFO Number of language-specific files: 0 +2021-12-04T19:27:57.150Z INFO Detected OS: ubuntu +2021-12-04T19:27:57.150Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:27:57.156Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/deluge:version-2.0.3-2201906121747ubuntu18.04.1@sha256:ef71fa2986593ad6fe3d2c3f277f0340c28c0fbcdc8b91c3505b83be71784f08 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -225,4 +225,3 @@ | python3.6-minimal | CVE-2021-23336 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | python3.6-minimal | CVE-2021-3426 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-1ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/charts/stable/digikam/security.md b/charts/stable/digikam/security.md index d10cc5b437c..e955389e5ff 100644 --- a/charts/stable/digikam/security.md +++ b/charts/stable/digikam/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:53.536Z INFO Detected config files: 1 +2021-12-04T19:27:53.536Z INFO Detected config files: 1 #### digikam/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:57.778Z INFO Detected OS: alpine -2021-12-04T19:27:57.778Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:57.786Z INFO Number of language-specific files: 0 +2021-12-04T19:27:57.778Z INFO Detected OS: alpine +2021-12-04T19:27:57.778Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:57.786Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/digikam:version-7.3.0@sha256:97cc7525c0e77c75933eea57f2aa52b76077837971a7866338d79ea93adb069c** -2021-12-04T19:28:20.999Z INFO Detected OS: ubuntu -2021-12-04T19:28:20.999Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:28:21.008Z INFO Number of language-specific files: 1 -2021-12-04T19:28:21.008Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:28:20.999Z INFO Detected OS: ubuntu +2021-12-04T19:28:20.999Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:28:21.008Z INFO Number of language-specific files: 1 +2021-12-04T19:28:21.008Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/digikam:version-7.3.0@sha256:97cc7525c0e77c75933eea57f2aa52b76077837971a7866338d79ea93adb069c (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -279,9 +279,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/charts/stable/dizquetv/security.md b/charts/stable/dizquetv/security.md index 480f696450a..61ecb398e4f 100644 --- a/charts/stable/dizquetv/security.md +++ b/charts/stable/dizquetv/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:28:29.247Z INFO Detected config files: 1 +2021-12-04T19:28:29.247Z INFO Detected config files: 1 #### dizquetv/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:28:30.141Z INFO Detected OS: alpine -2021-12-04T19:28:30.141Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:28:30.147Z INFO Number of language-specific files: 0 +2021-12-04T19:28:30.141Z INFO Detected OS: alpine +2021-12-04T19:28:30.141Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:28:30.147Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/dizquetv:v1.5.0@sha256:e7fab135e5048700be9635208c5500b830ceddb7fa0b0f9fffd2fcaa645a8374** -2021-12-04T19:28:39.148Z INFO Detected OS: ubuntu -2021-12-04T19:28:39.148Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:28:39.154Z INFO Number of language-specific files: 0 +2021-12-04T19:28:39.148Z INFO Detected OS: ubuntu +2021-12-04T19:28:39.148Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:28:39.154Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/dizquetv:v1.5.0@sha256:e7fab135e5048700be9635208c5500b830ceddb7fa0b0f9fffd2fcaa645a8374 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -131,4 +131,3 @@ | passwd | CVE-2013-4235 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/charts/stable/doublecommander/security.md b/charts/stable/doublecommander/security.md index a988dfae8f0..2912bc84d9a 100644 --- a/charts/stable/doublecommander/security.md +++ b/charts/stable/doublecommander/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:28:42.665Z INFO Detected config files: 1 +2021-12-04T19:28:42.665Z INFO Detected config files: 1 #### doublecommander/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:28:43.572Z INFO Detected OS: alpine -2021-12-04T19:28:43.572Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:28:43.583Z INFO Number of language-specific files: 0 +2021-12-04T19:28:43.572Z INFO Detected OS: alpine +2021-12-04T19:28:43.572Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:28:43.583Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/doublecommander:version-0.8.2-1@sha256:9c71e7178c24bdd646fa65e49fd9cef59ad9584eac2d60d59ea3e62ea53d47f9** -2021-12-04T19:28:48.063Z INFO Detected OS: ubuntu -2021-12-04T19:28:48.063Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:28:48.086Z INFO Number of language-specific files: 1 -2021-12-04T19:28:48.086Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:28:48.063Z INFO Detected OS: ubuntu +2021-12-04T19:28:48.063Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:28:48.086Z INFO Number of language-specific files: 1 +2021-12-04T19:28:48.086Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/doublecommander:version-0.8.2-1@sha256:9c71e7178c24bdd646fa65e49fd9cef59ad9584eac2d60d59ea3e62ea53d47f9 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -310,9 +310,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/charts/stable/dsmr-reader/security.md b/charts/stable/dsmr-reader/security.md index bd27f5320d6..ff0e0e6de8d 100644 --- a/charts/stable/dsmr-reader/security.md +++ b/charts/stable/dsmr-reader/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:29:28.696Z INFO Detected config files: 2 +2021-12-04T19:29:28.696Z INFO Detected config files: 2 #### dsmr-reader/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:32.375Z INFO Detected OS: alpine -2021-12-04T19:29:32.375Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:32.385Z INFO Number of language-specific files: 0 +2021-12-04T19:29:32.375Z INFO Detected OS: alpine +2021-12-04T19:29:32.375Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:32.385Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:29:53.342Z INFO Detected OS: debian -2021-12-04T19:29:53.342Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:53.398Z INFO Number of language-specific files: 2 -2021-12-04T19:29:53.398Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:29:53.404Z INFO Detecting jar vulnerabilities... +2021-12-04T19:29:53.342Z INFO Detected OS: debian +2021-12-04T19:29:53.342Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:53.398Z INFO Number of language-specific files: 2 +2021-12-04T19:29:53.398Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:29:53.404Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/dsmr-reader:v2021.09.02@sha256:4858edb1ae63a20639a0ef9c51c7b2cf599686db5c582ead7b37b2a288122935** **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:54.945Z INFO Detected OS: alpine -2021-12-04T19:29:54.945Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:54.952Z INFO Number of language-specific files: 0 +2021-12-04T19:29:54.945Z INFO Detected OS: alpine +2021-12-04T19:29:54.945Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:54.952Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -328,16 +328,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:29:55.938Z INFO Detected OS: debian -2021-12-04T19:29:55.938Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:55.987Z INFO Number of language-specific files: 2 -2021-12-04T19:29:55.987Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:29:55.987Z INFO Detecting jar vulnerabilities... +2021-12-04T19:29:55.938Z INFO Detected OS: debian +2021-12-04T19:29:55.938Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:55.987Z INFO Number of language-specific files: 2 +2021-12-04T19:29:55.987Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:29:55.987Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -532,16 +532,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/duplicati/security.md b/charts/stable/duplicati/security.md index eed194ce7f5..dcaf54b818b 100644 --- a/charts/stable/duplicati/security.md +++ b/charts/stable/duplicati/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:29:14.708Z INFO Detected config files: 1 +2021-12-04T19:29:14.708Z INFO Detected config files: 1 #### duplicati/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:16.013Z INFO Detected OS: alpine -2021-12-04T19:29:16.013Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:16.017Z INFO Number of language-specific files: 0 +2021-12-04T19:29:16.013Z INFO Detected OS: alpine +2021-12-04T19:29:16.013Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:16.017Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/duplicati:vbeta@sha256:88147d0b04d6c05a33e3910359e4a429769bf395bd52a0b6a0c91e19b1909965** -2021-12-04T19:29:28.005Z INFO Detected OS: debian -2021-12-04T19:29:28.005Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:28.054Z INFO Number of language-specific files: 0 +2021-12-04T19:29:28.005Z INFO Detected OS: debian +2021-12-04T19:29:28.005Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:28.054Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/duplicati:vbeta@sha256:88147d0b04d6c05a33e3910359e4a429769bf395bd52a0b6a0c91e19b1909965 (debian 10.9) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -533,4 +533,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/charts/stable/emby/security.md b/charts/stable/emby/security.md index 5865de4cbac..21adcfe04aa 100644 --- a/charts/stable/emby/security.md +++ b/charts/stable/emby/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:29:29.753Z INFO Detected config files: 1 +2021-12-04T19:29:29.753Z INFO Detected config files: 1 #### emby/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:31.475Z INFO Detected OS: alpine -2021-12-04T19:29:31.475Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:31.487Z INFO Number of language-specific files: 0 +2021-12-04T19:29:31.475Z INFO Detected OS: alpine +2021-12-04T19:29:31.475Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:31.487Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/emby:v4.6.7.0@sha256:f2c60cee28b40d6eeeff72cda847eced2d069b410e63a5b0bdbab7783f34ec1b** -2021-12-04T19:29:45.327Z INFO Detected OS: ubuntu -2021-12-04T19:29:45.327Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:29:45.330Z INFO Number of language-specific files: 1 -2021-12-04T19:29:45.330Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:29:45.327Z INFO Detected OS: ubuntu +2021-12-04T19:29:45.327Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:29:45.330Z INFO Number of language-specific files: 1 +2021-12-04T19:29:45.330Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/emby:v4.6.7.0@sha256:f2c60cee28b40d6eeeff72cda847eced2d069b410e63a5b0bdbab7783f34ec1b (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -151,8 +151,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/esphome/security.md b/charts/stable/esphome/security.md index ac29165fa1f..38791ba5fd3 100644 --- a/charts/stable/esphome/security.md +++ b/charts/stable/esphome/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:29:29.209Z INFO Detected config files: 1 +2021-12-04T19:29:29.209Z INFO Detected config files: 1 #### esphome/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:30.710Z INFO Detected OS: alpine -2021-12-04T19:29:30.711Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:30.723Z INFO Number of language-specific files: 0 +2021-12-04T19:29:30.710Z INFO Detected OS: alpine +2021-12-04T19:29:30.711Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:30.723Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/esphome:v2021.11.4@sha256:c4e3f2174e8636578a2a619eef7644f5ac94f427c531eedc31436e47f27b21a3** -2021-12-04T19:29:52.028Z INFO Detected OS: debian -2021-12-04T19:29:52.028Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:52.077Z INFO Number of language-specific files: 1 -2021-12-04T19:29:52.077Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:29:52.028Z INFO Detected OS: debian +2021-12-04T19:29:52.028Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:52.077Z INFO Number of language-specific files: 1 +2021-12-04T19:29:52.077Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/esphome:v2021.11.4@sha256:c4e3f2174e8636578a2a619eef7644f5ac94f427c531eedc31436e47f27b21a3 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -207,9 +207,6 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/etherpad/security.md b/charts/stable/etherpad/security.md index d40adb6cbd8..62f39a7207d 100644 --- a/charts/stable/etherpad/security.md +++ b/charts/stable/etherpad/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:30:08.158Z INFO Detected config files: 2 +2021-12-04T19:30:08.158Z INFO Detected config files: 2 #### etherpad/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:30:09.081Z INFO Detected OS: alpine -2021-12-04T19:30:09.081Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:09.096Z INFO Number of language-specific files: 0 +2021-12-04T19:30:09.081Z INFO Detected OS: alpine +2021-12-04T19:30:09.081Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:09.096Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:30:09.968Z INFO Detected OS: debian -2021-12-04T19:30:09.968Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:30:10.027Z INFO Number of language-specific files: 2 -2021-12-04T19:30:10.027Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:30:10.027Z INFO Detecting jar vulnerabilities... +2021-12-04T19:30:09.968Z INFO Detected OS: debian +2021-12-04T19:30:09.968Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:30:10.027Z INFO Number of language-specific files: 2 +2021-12-04T19:30:10.027Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:30:10.027Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/etherpad:version-1.8.14@sha256:4900f0e787ca22cf93090ae44ecceb5689d4427c739e1eb637a6e3a913161bf8** -2021-12-04T19:30:16.654Z INFO Detected OS: alpine -2021-12-04T19:30:16.654Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:16.656Z INFO Number of language-specific files: 1 -2021-12-04T19:30:16.656Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:30:16.654Z INFO Detected OS: alpine +2021-12-04T19:30:16.654Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:16.656Z INFO Number of language-specific files: 1 +2021-12-04T19:30:16.656Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/etherpad:version-1.8.14@sha256:4900f0e787ca22cf93090ae44ecceb5689d4427c739e1eb637a6e3a913161bf8 (alpine 3.14.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.12.5-r1 | 2.12.6-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -343,7 +343,7 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r2 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -361,14 +361,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:30:17.520Z INFO Detected OS: alpine -2021-12-04T19:30:17.520Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:17.528Z INFO Number of language-specific files: 0 +2021-12-04T19:30:17.520Z INFO Detected OS: alpine +2021-12-04T19:30:17.520Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:17.528Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -396,16 +396,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:30:18.314Z INFO Detected OS: debian -2021-12-04T19:30:18.314Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:30:18.364Z INFO Number of language-specific files: 2 -2021-12-04T19:30:18.364Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:30:18.365Z INFO Detecting jar vulnerabilities... +2021-12-04T19:30:18.314Z INFO Detected OS: debian +2021-12-04T19:30:18.314Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:30:18.364Z INFO Number of language-specific files: 2 +2021-12-04T19:30:18.364Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:30:18.365Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -600,16 +600,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/external-service/security.md b/charts/stable/external-service/security.md index 1c7d4ae6eff..382adfce433 100644 --- a/charts/stable/external-service/security.md +++ b/charts/stable/external-service/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:30:32.117Z INFO Detected config files: 1 +2021-12-04T19:30:32.117Z INFO Detected config files: 1 #### external-service/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -21,4 +21,3 @@ ##### Scan Results - diff --git a/charts/stable/filezilla/security.md b/charts/stable/filezilla/security.md index b5d39052d4a..2e4f0f300e3 100644 --- a/charts/stable/filezilla/security.md +++ b/charts/stable/filezilla/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:30:40.280Z INFO Detected config files: 1 +2021-12-04T19:30:40.280Z INFO Detected config files: 1 #### filezilla/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:30:41.150Z INFO Detected OS: alpine -2021-12-04T19:30:41.150Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:41.158Z INFO Number of language-specific files: 0 +2021-12-04T19:30:41.150Z INFO Detected OS: alpine +2021-12-04T19:30:41.150Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:41.158Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,15 @@ **Container: tccr.io/truecharts/filezilla:version-3.51.0-r1@sha256:92421eae5b47e6e98d5157db3f6a453ab0d7733a693b5e8724edeef4090593eb** -2021-12-04T19:30:59.589Z INFO Number of language-specific files: 1 -2021-12-04T19:30:59.589Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:30:59.589Z INFO Number of language-specific files: 1 +2021-12-04T19:30:59.589Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/charts/stable/fireflyiii/security.md b/charts/stable/fireflyiii/security.md index d9b4ed71be3..9a53c87c0e6 100644 --- a/charts/stable/fireflyiii/security.md +++ b/charts/stable/fireflyiii/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:31:00.565Z INFO Detected config files: 2 +2021-12-04T19:31:00.565Z INFO Detected config files: 2 #### fireflyiii/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:01.710Z INFO Detected OS: alpine -2021-12-04T19:31:01.710Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:01.722Z INFO Number of language-specific files: 0 +2021-12-04T19:31:01.710Z INFO Detected OS: alpine +2021-12-04T19:31:01.710Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:01.722Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:02.756Z INFO Detected OS: debian -2021-12-04T19:31:02.756Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:02.820Z INFO Number of language-specific files: 2 -2021-12-04T19:31:02.821Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:02.821Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:02.756Z INFO Detected OS: debian +2021-12-04T19:31:02.756Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:02.820Z INFO Number of language-specific files: 2 +2021-12-04T19:31:02.821Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:02.821Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/fireflyiii-core:version-5.5.12@sha256:f6dddfae65571d7995d5b24bf28fdf453775b825c35cac0c48b8ce52449090cf** -2021-12-04T19:31:17.470Z INFO Detected OS: debian -2021-12-04T19:31:17.470Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:17.553Z INFO Number of language-specific files: 1 -2021-12-04T19:31:17.553Z INFO Detecting composer vulnerabilities... +2021-12-04T19:31:17.470Z INFO Detected OS: debian +2021-12-04T19:31:17.470Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:17.553Z INFO Number of language-specific files: 1 +2021-12-04T19:31:17.553Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/fireflyiii-core:version-5.5.12@sha256:f6dddfae65571d7995d5b24bf28fdf453775b825c35cac0c48b8ce52449090cf (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-26691 | CRITICAL | 2.4.38-3+deb10u4 | 2.4.38-3+deb10u5 |
Click to expand!http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
https://linux.oracle.com/cve/CVE-2021-26691.html
https://linux.oracle.com/errata/ELSA-2021-3816.html
https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -1064,7 +1064,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | doctrine/dbal | CVE-2021-43608 | CRITICAL | 3.1.0 | 3.0.99, 3.1.4 |
Click to expand!https://github.com/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
| @@ -1074,14 +1074,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:18.798Z INFO Detected OS: alpine -2021-12-04T19:31:18.798Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:18.805Z INFO Number of language-specific files: 0 +2021-12-04T19:31:18.798Z INFO Detected OS: alpine +2021-12-04T19:31:18.798Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:18.805Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1109,16 +1109,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:19.616Z INFO Detected OS: debian -2021-12-04T19:31:19.616Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:19.663Z INFO Number of language-specific files: 2 -2021-12-04T19:31:19.663Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:19.663Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:19.616Z INFO Detected OS: debian +2021-12-04T19:31:19.616Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:19.663Z INFO Number of language-specific files: 2 +2021-12-04T19:31:19.663Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:19.663Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1313,16 +1313,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/firefox-syncserver/security.md b/charts/stable/firefox-syncserver/security.md index bc9ad837bb7..5f54b19343f 100644 --- a/charts/stable/firefox-syncserver/security.md +++ b/charts/stable/firefox-syncserver/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:31:23.724Z INFO Detected config files: 2 +2021-12-04T19:31:23.724Z INFO Detected config files: 2 #### firefox-syncserver/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:24.962Z INFO Detected OS: alpine -2021-12-04T19:31:24.963Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:24.969Z INFO Number of language-specific files: 0 +2021-12-04T19:31:24.962Z INFO Detected OS: alpine +2021-12-04T19:31:24.963Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:24.969Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:36.631Z INFO Detected OS: debian -2021-12-04T19:31:36.631Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:36.679Z INFO Number of language-specific files: 2 -2021-12-04T19:31:36.679Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:36.679Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:36.631Z INFO Detected OS: debian +2021-12-04T19:31:36.631Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:36.679Z INFO Number of language-specific files: 2 +2021-12-04T19:31:36.679Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:36.679Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/firefox-syncserver:v1.8.0@sha256:d0fbf65c8c7a99ad4ba7ffcfdad2e7b2555e0d829867c21cefc9314ace94f747** -2021-12-04T19:31:42.917Z INFO Detected OS: alpine -2021-12-04T19:31:42.917Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:42.933Z INFO Number of language-specific files: 1 -2021-12-04T19:31:42.933Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:31:42.959Z WARN This OS version is no longer supported by the distribution: alpine 3.10.4 -2021-12-04T19:31:42.959Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:31:42.917Z INFO Detected OS: alpine +2021-12-04T19:31:42.917Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:42.933Z INFO Number of language-specific files: 1 +2021-12-04T19:31:42.933Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:31:42.959Z WARN This OS version is no longer supported by the distribution: alpine 3.10.4 +2021-12-04T19:31:42.959Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/firefox-syncserver:v1.8.0@sha256:d0fbf65c8c7a99ad4ba7ffcfdad2e7b2555e0d829867c21cefc9314ace94f747 (alpine 3.10.4) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.4-r2 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -350,7 +350,7 @@ | ssl_client | CVE-2021-28831 | HIGH | 1.30.1-r3 | 1.30.1-r5 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Python | CVE-2021-3177 | CRITICAL | 2.7.18 | 3.6.13, 3.7.10, 3.8.8, 3.9.2 |
Click to expand!https://bugs.python.org/issue42938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
https://github.com/python/cpython/pull/24239
https://linux.oracle.com/cve/CVE-2021-3177.html
https://linux.oracle.com/errata/ELSA-2021-9130.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/
https://news.ycombinator.com/item?id=26185005
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
https://security.gentoo.org/glsa/202101-18
https://security.netapp.com/advisory/ntap-20210226-0003/
https://ubuntu.com/security/notices/USN-4754-1
https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)
https://ubuntu.com/security/notices/USN-4754-3
https://ubuntu.com/security/notices/USN-4754-4
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -388,14 +388,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:44.473Z INFO Detected OS: alpine -2021-12-04T19:31:44.473Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:44.481Z INFO Number of language-specific files: 0 +2021-12-04T19:31:44.473Z INFO Detected OS: alpine +2021-12-04T19:31:44.473Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:44.481Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -423,16 +423,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:45.692Z INFO Detected OS: debian -2021-12-04T19:31:45.692Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:45.738Z INFO Number of language-specific files: 2 -2021-12-04T19:31:45.738Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:45.739Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:45.692Z INFO Detected OS: debian +2021-12-04T19:31:45.692Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:45.738Z INFO Number of language-specific files: 2 +2021-12-04T19:31:45.738Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:45.739Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -627,16 +627,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/flaresolverr/security.md b/charts/stable/flaresolverr/security.md index 9ba5041728c..e948bf0fc04 100644 --- a/charts/stable/flaresolverr/security.md +++ b/charts/stable/flaresolverr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:31:22.518Z INFO Detected config files: 1 +2021-12-04T19:31:22.518Z INFO Detected config files: 1 #### flaresolverr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:24.356Z INFO Detected OS: alpine -2021-12-04T19:31:24.356Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:24.362Z INFO Number of language-specific files: 0 +2021-12-04T19:31:24.356Z INFO Detected OS: alpine +2021-12-04T19:31:24.356Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:24.362Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/flaresolverr:v2.0.2@sha256:80ece1e679d8a569ed538a6b0a48449703723d4941ea851b3a1fedc20428ad4b** -2021-12-04T19:31:35.798Z INFO Detected OS: alpine -2021-12-04T19:31:35.798Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:35.817Z INFO Number of language-specific files: 1 -2021-12-04T19:31:35.817Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:31:35.798Z INFO Detected OS: alpine +2021-12-04T19:31:35.798Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:35.817Z INFO Number of language-specific files: 1 +2021-12-04T19:31:35.817Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/flaresolverr:v2.0.2@sha256:80ece1e679d8a569ed538a6b0a48449703723d4941ea851b3a1fedc20428ad4b (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -99,9 +99,8 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| - diff --git a/charts/stable/flood/security.md b/charts/stable/flood/security.md index 8ec466131ee..e25189a7ca3 100644 --- a/charts/stable/flood/security.md +++ b/charts/stable/flood/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:31:45.091Z INFO Detected config files: 1 +2021-12-04T19:31:45.091Z INFO Detected config files: 1 #### flood/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:46.819Z INFO Detected OS: alpine -2021-12-04T19:31:46.819Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:46.833Z INFO Number of language-specific files: 0 +2021-12-04T19:31:46.819Z INFO Detected OS: alpine +2021-12-04T19:31:46.819Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:46.833Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/flood:v4.7.0@sha256:6ad4f3eb39e6b04d1632dd0436031377eb35759e0edcd56a95e5dd8c58c09ed8** -2021-12-04T19:31:53.208Z INFO Detected OS: alpine -2021-12-04T19:31:53.208Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:53.213Z INFO Number of language-specific files: 1 -2021-12-04T19:31:53.213Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:31:53.208Z INFO Detected OS: alpine +2021-12-04T19:31:53.208Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:53.213Z INFO Number of language-specific files: 1 +2021-12-04T19:31:53.213Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/flood:v4.7.0@sha256:6ad4f3eb39e6b04d1632dd0436031377eb35759e0edcd56a95e5dd8c58c09ed8 (alpine 3.13.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,10 +96,9 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| - diff --git a/charts/stable/focalboard/security.md b/charts/stable/focalboard/security.md index 7f5ecc96c56..5ffc9d4748a 100644 --- a/charts/stable/focalboard/security.md +++ b/charts/stable/focalboard/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:09.126Z INFO Detected config files: 1 +2021-12-04T19:32:09.126Z INFO Detected config files: 1 #### focalboard/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:09.916Z INFO Detected OS: alpine -2021-12-04T19:32:09.916Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:09.923Z INFO Number of language-specific files: 0 +2021-12-04T19:32:09.916Z INFO Detected OS: alpine +2021-12-04T19:32:09.916Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:09.923Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/focalboard:v0.8.0@sha256:dfd035116b3f17dd01d82b13cf1823cb8fc2663a9bdc8defe6827481ea9a9c66** -2021-12-04T19:32:15.056Z INFO Detected OS: ubuntu -2021-12-04T19:32:15.056Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:32:15.057Z INFO Number of language-specific files: 1 -2021-12-04T19:32:15.057Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:32:15.056Z INFO Detected OS: ubuntu +2021-12-04T19:32:15.056Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:32:15.057Z INFO Number of language-specific files: 1 +2021-12-04T19:32:15.057Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/focalboard:v0.8.0@sha256:dfd035116b3f17dd01d82b13cf1823cb8fc2663a9bdc8defe6827481ea9a9c66 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -112,8 +112,7 @@ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/tidwall/gjson | CVE-2021-42836 | HIGH | v1.7.3 | v1.9.3 |
Click to expand!https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
https://github.com/tidwall/gjson/issues/236
https://github.com/tidwall/gjson/issues/237
https://nvd.nist.gov/vuln/detail/CVE-2021-42836
| - diff --git a/charts/stable/fossil/security.md b/charts/stable/fossil/security.md index 6a01bf651dc..08f134e7cbf 100644 --- a/charts/stable/fossil/security.md +++ b/charts/stable/fossil/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:21.526Z INFO Detected config files: 1 +2021-12-04T19:32:21.526Z INFO Detected config files: 1 #### fossil/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:22.618Z INFO Detected OS: alpine -2021-12-04T19:32:22.618Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:22.622Z INFO Number of language-specific files: 0 +2021-12-04T19:32:22.618Z INFO Detected OS: alpine +2021-12-04T19:32:22.618Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:22.622Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/fossil:v2.15.1-ls4@sha256:5894297e0c90a431a7e93382054ac120e10860c132fce1ac35467c74c900e330** -2021-12-04T19:32:24.806Z INFO Number of language-specific files: 0 +2021-12-04T19:32:24.806Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/freeradius/security.md b/charts/stable/freeradius/security.md index b2b320a45fb..f1708b5f91a 100644 --- a/charts/stable/freeradius/security.md +++ b/charts/stable/freeradius/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:38.451Z INFO Detected config files: 1 +2021-12-04T19:32:38.451Z INFO Detected config files: 1 #### freeradius/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:39.248Z INFO Detected OS: alpine -2021-12-04T19:32:39.248Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:39.256Z INFO Number of language-specific files: 0 +2021-12-04T19:32:39.248Z INFO Detected OS: alpine +2021-12-04T19:32:39.248Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:39.256Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/freeradius:v3.0.23@sha256:21454da0a4f4950dd9b97e82de5b56556fdf2bf38f60ae427852b74a2622c972** -2021-12-04T19:32:43.657Z INFO Detected OS: ubuntu -2021-12-04T19:32:43.657Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:32:43.682Z INFO Number of language-specific files: 0 +2021-12-04T19:32:43.657Z INFO Detected OS: ubuntu +2021-12-04T19:32:43.657Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:32:43.682Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/freeradius:v3.0.23@sha256:21454da0a4f4950dd9b97e82de5b56556fdf2bf38f60ae427852b74a2622c972 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -213,4 +213,3 @@ | perl | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| | perl-modules-5.26 | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/charts/stable/freshrss/security.md b/charts/stable/freshrss/security.md index ce28ba3c5e3..c5e7596a8d7 100644 --- a/charts/stable/freshrss/security.md +++ b/charts/stable/freshrss/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:44.337Z INFO Detected config files: 1 +2021-12-04T19:32:44.337Z INFO Detected config files: 1 #### freshrss/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:45.022Z INFO Detected OS: alpine -2021-12-04T19:32:45.022Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:45.025Z INFO Number of language-specific files: 0 +2021-12-04T19:32:45.022Z INFO Detected OS: alpine +2021-12-04T19:32:45.022Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:45.025Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/freshrss:version-1.18.1@sha256:3fc8ef788681ba2c5026453131603fa4dda3b23f855ce2a6c467004eb38a09ec** -2021-12-04T19:32:49.565Z INFO Number of language-specific files: 0 +2021-12-04T19:32:49.565Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/gaps/security.md b/charts/stable/gaps/security.md index a9fdea170fd..d0d185f913c 100644 --- a/charts/stable/gaps/security.md +++ b/charts/stable/gaps/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:33:01.952Z INFO Detected config files: 1 +2021-12-04T19:33:01.952Z INFO Detected config files: 1 #### gaps/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:02.815Z INFO Detected OS: alpine -2021-12-04T19:33:02.815Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:02.822Z INFO Number of language-specific files: 0 +2021-12-04T19:33:02.815Z INFO Detected OS: alpine +2021-12-04T19:33:02.815Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:02.822Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/gaps:v0.8.8@sha256:7f7d33e4279f55bfaf5ea1a7e071b4266794052eddaba2294ab29be45a2133bf** -2021-12-04T19:33:17.654Z INFO Detected OS: ubuntu -2021-12-04T19:33:17.654Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:33:17.657Z INFO Number of language-specific files: 1 -2021-12-04T19:33:17.657Z INFO Detecting jar vulnerabilities... +2021-12-04T19:33:17.654Z INFO Detected OS: ubuntu +2021-12-04T19:33:17.654Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:33:17.657Z INFO Number of language-specific files: 1 +2021-12-04T19:33:17.657Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/gaps:v0.8.8@sha256:7f7d33e4279f55bfaf5ea1a7e071b4266794052eddaba2294ab29be45a2133bf (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -200,7 +200,7 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-17527 | HIGH | 9.0.39 | 8.5.60, 9.0.40, 10.0.2 |
Click to expand!http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527
https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2020-17527
https://security.gentoo.org/glsa/202012-23
https://security.netapp.com/advisory/ntap-20201210-0003/
https://www.debian.org/security/2021/dsa-4835
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
| @@ -215,4 +215,3 @@ | org.springframework.security:spring-security-core | CVE-2021-22119 | HIGH | 5.4.1 | 5.2.11.RELEASE, 5.3.10.RELEASE, 5.4.7, 5.5.1 |
Click to expand!https://github.com/advisories/GHSA-w9jg-gvgr-354m
https://github.com/spring-projects/spring-security/pull/9513
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22119
https://tanzu.vmware.com/security/cve-2021-22119
| | org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 5.4.1 | 5.3.8, 5.4.4, 5.2.9 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/7
https://github.com/advisories/GHSA-gq28-h5vg-8prx
https://github.com/spring-projects/spring-security/releases/tag/5.4.4
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
https://tanzu.vmware.com/security/cve-2021-22112
https://www.jenkins.io/security/advisory/2021-02-19/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.thymeleaf:thymeleaf-spring5 | CVE-2021-43466 | CRITICAL | 3.0.11.RELEASE | |
Click to expand!https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html
https://github.com/advisories/GHSA-qcj6-jqrg-4wp2
https://nvd.nist.gov/vuln/detail/CVE-2021-43466
| - diff --git a/charts/stable/gitea/security.md b/charts/stable/gitea/security.md index 2d98f2f438b..9acc6072077 100644 --- a/charts/stable/gitea/security.md +++ b/charts/stable/gitea/security.md @@ -4,30 +4,30 @@ ##### Scan Results -2021-12-04T19:33:29.384Z INFO Detected config files: 3 +2021-12-04T19:33:29.384Z INFO Detected config files: 3 #### gitea/charts/memcached/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -47,14 +47,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:30.767Z INFO Detected OS: alpine -2021-12-04T19:33:30.767Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:30.777Z INFO Number of language-specific files: 0 +2021-12-04T19:33:30.767Z INFO Detected OS: alpine +2021-12-04T19:33:30.767Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:30.777Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -82,16 +82,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:33:31.564Z INFO Detected OS: debian -2021-12-04T19:33:31.564Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:33:31.601Z INFO Number of language-specific files: 2 -2021-12-04T19:33:31.601Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:33:31.602Z INFO Detecting jar vulnerabilities... +2021-12-04T19:33:31.564Z INFO Detected OS: debian +2021-12-04T19:33:31.564Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:33:31.601Z INFO Number of language-specific files: 2 +2021-12-04T19:33:31.601Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:31.602Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -286,18 +286,18 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: 'tccr.io/truecharts/gitea:v1.15.7-rootless'** @@ -307,44 +307,44 @@ **Container: tccr.io/truecharts/gitea:v1.15.7-rootless** -2021-12-04T19:33:37.721Z INFO Detected OS: alpine -2021-12-04T19:33:37.721Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:37.723Z INFO Number of language-specific files: 2 -2021-12-04T19:33:37.723Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:37.721Z INFO Detected OS: alpine +2021-12-04T19:33:37.721Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:37.723Z INFO Number of language-specific files: 2 +2021-12-04T19:33:37.723Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/gitea:v1.15.7-rootless (alpine 3.13.7) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:42.749Z INFO Detected OS: alpine -2021-12-04T19:33:42.749Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:42.755Z INFO Number of language-specific files: 0 +2021-12-04T19:33:42.749Z INFO Detected OS: alpine +2021-12-04T19:33:42.749Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:42.755Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -372,15 +372,15 @@ **Container: tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569** -2021-12-04T19:33:45.053Z INFO Detected OS: debian -2021-12-04T19:33:45.053Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:33:45.090Z INFO Number of language-specific files: 1 -2021-12-04T19:33:45.090Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:45.053Z INFO Detected OS: debian +2021-12-04T19:33:45.053Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:33:45.090Z INFO Number of language-specific files: 1 +2021-12-04T19:33:45.090Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -527,22 +527,22 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:46.801Z INFO Detected OS: alpine -2021-12-04T19:33:46.801Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:46.808Z INFO Number of language-specific files: 0 +2021-12-04T19:33:46.801Z INFO Detected OS: alpine +2021-12-04T19:33:46.801Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:46.808Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -570,16 +570,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:33:51.118Z INFO Detected OS: debian -2021-12-04T19:33:51.118Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:33:51.184Z INFO Number of language-specific files: 2 -2021-12-04T19:33:51.184Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:33:51.184Z INFO Detecting jar vulnerabilities... +2021-12-04T19:33:51.118Z INFO Detected OS: debian +2021-12-04T19:33:51.118Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:33:51.184Z INFO Number of language-specific files: 2 +2021-12-04T19:33:51.184Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:51.184Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -774,16 +774,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/golinks/security.md b/charts/stable/golinks/security.md index 2064272d9bf..10cab117f33 100644 --- a/charts/stable/golinks/security.md +++ b/charts/stable/golinks/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:33:32.350Z INFO Detected config files: 1 +2021-12-04T19:33:32.350Z INFO Detected config files: 1 #### golinks/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:33.151Z INFO Detected OS: alpine -2021-12-04T19:33:33.151Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:33.155Z INFO Number of language-specific files: 0 +2021-12-04T19:33:33.151Z INFO Detected OS: alpine +2021-12-04T19:33:33.151Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:33.155Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/golinks:version-154c581@sha256:144d59d23c3b6580403e1a06b3567ac97c638205bc139ba54e058450d6564c73** -2021-12-04T19:33:41.563Z INFO Number of language-specific files: 1 -2021-12-04T19:33:41.563Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:41.563Z INFO Number of language-specific files: 1 +2021-12-04T19:33:41.563Z INFO Detecting gobinary vulnerabilities... #### app/golinks - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/gonic/security.md b/charts/stable/gonic/security.md index 059d1ddd290..5d4da517293 100644 --- a/charts/stable/gonic/security.md +++ b/charts/stable/gonic/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:33:43.527Z INFO Detected config files: 1 +2021-12-04T19:33:43.527Z INFO Detected config files: 1 #### gonic/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:46.150Z INFO Detected OS: alpine -2021-12-04T19:33:46.150Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:46.159Z INFO Number of language-specific files: 0 +2021-12-04T19:33:46.150Z INFO Detected OS: alpine +2021-12-04T19:33:46.150Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:46.159Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/gonic:v0.14.0@sha256:d0316271fcec20816f5f3f5e8ca470426e551f2f6de83845d474a2a7827a6f34** -2021-12-04T19:33:50.499Z INFO Detected OS: alpine -2021-12-04T19:33:50.499Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:50.517Z INFO Number of language-specific files: 1 -2021-12-04T19:33:50.517Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:50.499Z INFO Detected OS: alpine +2021-12-04T19:33:50.499Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:50.517Z INFO Number of language-specific files: 1 +2021-12-04T19:33:50.517Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/gonic:v0.14.0@sha256:d0316271fcec20816f5f3f5e8ca470426e551f2f6de83845d474a2a7827a6f34 (alpine 3.13.5) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.12.5-r0 | 2.12.6-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -125,9 +125,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/gotify/security.md b/charts/stable/gotify/security.md index 48b688567c7..9f221f30be9 100644 --- a/charts/stable/gotify/security.md +++ b/charts/stable/gotify/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:34:01.312Z INFO Detected config files: 2 +2021-12-04T19:34:01.312Z INFO Detected config files: 2 #### gotify/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:02.142Z INFO Detected OS: alpine -2021-12-04T19:34:02.142Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:02.148Z INFO Number of language-specific files: 0 +2021-12-04T19:34:02.142Z INFO Detected OS: alpine +2021-12-04T19:34:02.142Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:02.148Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:34:02.981Z INFO Detected OS: debian -2021-12-04T19:34:02.981Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:03.026Z INFO Number of language-specific files: 2 -2021-12-04T19:34:03.026Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:34:03.026Z INFO Detecting jar vulnerabilities... +2021-12-04T19:34:02.981Z INFO Detected OS: debian +2021-12-04T19:34:02.981Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:03.026Z INFO Number of language-specific files: 2 +2021-12-04T19:34:03.026Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:03.026Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/gotify-server:v2.1.0@sha256:a2edccce285e1303ce7d3be3f2cb001d40aaa24182581f772ce23c1e8d1b7d20** -2021-12-04T19:34:07.744Z INFO Detected OS: debian -2021-12-04T19:34:07.744Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:07.791Z INFO Number of language-specific files: 1 -2021-12-04T19:34:07.792Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:07.744Z INFO Detected OS: debian +2021-12-04T19:34:07.744Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:07.791Z INFO Number of language-specific files: 1 +2021-12-04T19:34:07.792Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/gotify-server:v2.1.0@sha256:a2edccce285e1303ce7d3be3f2cb001d40aaa24182581f772ce23c1e8d1b7d20 (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -392,22 +392,22 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:09.100Z INFO Detected OS: alpine -2021-12-04T19:34:09.100Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:09.111Z INFO Number of language-specific files: 0 +2021-12-04T19:34:09.100Z INFO Detected OS: alpine +2021-12-04T19:34:09.100Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:09.111Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -435,16 +435,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:34:09.900Z INFO Detected OS: debian -2021-12-04T19:34:09.900Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:09.954Z INFO Number of language-specific files: 2 -2021-12-04T19:34:09.954Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:34:09.954Z INFO Detecting jar vulnerabilities... +2021-12-04T19:34:09.900Z INFO Detected OS: debian +2021-12-04T19:34:09.900Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:09.954Z INFO Number of language-specific files: 2 +2021-12-04T19:34:09.954Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:09.954Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -639,16 +639,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/grafana/security.md b/charts/stable/grafana/security.md index 904065ba2f1..49b5d5a376c 100644 --- a/charts/stable/grafana/security.md +++ b/charts/stable/grafana/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:34:25.747Z INFO Detected config files: 1 +2021-12-04T19:34:25.747Z INFO Detected config files: 1 #### grafana/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:26.541Z INFO Detected OS: alpine -2021-12-04T19:34:26.541Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:26.546Z INFO Number of language-specific files: 0 +2021-12-04T19:34:26.541Z INFO Detected OS: alpine +2021-12-04T19:34:26.541Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:26.546Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/grafana:v8.3.0@sha256:d0e471cc547dae02bcd7ae1355ad98b280ea11a1b3bd902217662670c4c2d4fe** -2021-12-04T19:34:35.709Z INFO Detected OS: debian -2021-12-04T19:34:35.709Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:35.739Z INFO Number of language-specific files: 3 -2021-12-04T19:34:35.739Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:35.709Z INFO Detected OS: debian +2021-12-04T19:34:35.709Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:35.739Z INFO Number of language-specific files: 3 +2021-12-04T19:34:35.739Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/grafana:v8.3.0@sha256:d0e471cc547dae02bcd7ae1355ad98b280ea11a1b3bd902217662670c4c2d4fe (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -220,22 +220,21 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/grafana/loki | CVE-2021-36156 | MEDIUM | v1.6.2-0.20211015002020-7832783b1caa | v2.3.0 |
Click to expand!https://github.com/grafana/loki/pull/4020#issue-694377133
https://github.com/grafana/loki/releases/tag/v2.3.0
https://nvd.nist.gov/vuln/detail/CVE-2021-36156
| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| - diff --git a/charts/stable/grav/security.md b/charts/stable/grav/security.md index 77382b3ae8c..51b586c839a 100644 --- a/charts/stable/grav/security.md +++ b/charts/stable/grav/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:34:38.787Z INFO Detected config files: 1 +2021-12-04T19:34:38.787Z INFO Detected config files: 1 #### grav/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:39.547Z INFO Detected OS: alpine -2021-12-04T19:34:39.547Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:39.554Z INFO Number of language-specific files: 0 +2021-12-04T19:34:39.547Z INFO Detected OS: alpine +2021-12-04T19:34:39.547Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:39.554Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,51 +61,48 @@ **Container: tccr.io/truecharts/grav:version-1.7.18@sha256:709e672ef2cbe1235d896ed9bac213d773abfe70b37925f5870a8a925a047e16** -2021-12-04T19:34:47.108Z INFO Number of language-specific files: 6 -2021-12-04T19:34:47.108Z INFO Detecting composer vulnerabilities... -2021-12-04T19:34:47.112Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:34:47.108Z INFO Number of language-specific files: 6 +2021-12-04T19:34:47.108Z INFO Detecting composer vulnerabilities... +2021-12-04T19:34:47.112Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/grocy/security.md b/charts/stable/grocy/security.md index 5ae7bd7044e..fe74f6ebabe 100644 --- a/charts/stable/grocy/security.md +++ b/charts/stable/grocy/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:34:49.810Z INFO Detected config files: 1 +2021-12-04T19:34:49.810Z INFO Detected config files: 1 #### grocy/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:50.709Z INFO Detected OS: alpine -2021-12-04T19:34:50.709Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:50.716Z INFO Number of language-specific files: 0 +2021-12-04T19:34:50.709Z INFO Detected OS: alpine +2021-12-04T19:34:50.709Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:50.716Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/grocy:version-v3.1.1@sha256:5c036b40671fcddb2a53edceacb1dc2d03df2b2bf1c0b97e5d820c0b84d6faab** -2021-12-04T19:35:01.113Z INFO Number of language-specific files: 2 -2021-12-04T19:35:01.113Z INFO Detecting composer vulnerabilities... -2021-12-04T19:35:01.116Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:35:01.113Z INFO Number of language-specific files: 2 +2021-12-04T19:35:01.113Z INFO Detecting composer vulnerabilities... +2021-12-04T19:35:01.116Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bootbox | GHSA-87mg-h5r3-hw88 | MEDIUM | 5.5.2 | |
Click to expand!https://github.com/advisories/GHSA-87mg-h5r3-hw88
https://github.com/makeusabrew/bootbox/issues/661
https://hackerone.com/reports/508446
https://www.npmjs.com/advisories/882
| @@ -85,9 +85,6 @@ | moment | CVE-2017-18214 | HIGH | 2.18.1 | 2.19.3 |
Click to expand!https://github.com/advisories/GHSA-446m-mv8f-q348
https://github.com/moment/moment/issues/4163
https://github.com/moment/moment/pull/4326
https://nodesecurity.io/advisories/532
https://nvd.nist.gov/vuln/detail/CVE-2017-18214
https://www.npmjs.com/advisories/532
https://www.tenable.com/security/tns-2019-02
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/handbrake/security.md b/charts/stable/handbrake/security.md index 701d95004a9..c4976d11373 100644 --- a/charts/stable/handbrake/security.md +++ b/charts/stable/handbrake/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:04.912Z INFO Detected config files: 1 +2021-12-04T19:35:04.912Z INFO Detected config files: 1 #### handbrake/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:05.893Z INFO Detected OS: alpine -2021-12-04T19:35:05.893Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:05.898Z INFO Number of language-specific files: 0 +2021-12-04T19:35:05.893Z INFO Detected OS: alpine +2021-12-04T19:35:05.893Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:05.898Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/handbrake:v1.24.2@sha256:312ddf5ec046fd0ca3f84015b55c8b4cbe1d6e8340ffcaf244489592a3fc92da** -2021-12-04T19:35:16.598Z INFO Detected OS: alpine -2021-12-04T19:35:16.598Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:16.609Z INFO Number of language-specific files: 0 +2021-12-04T19:35:16.598Z INFO Detected OS: alpine +2021-12-04T19:35:16.598Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:16.609Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/handbrake:v1.24.2@sha256:312ddf5ec046fd0ca3f84015b55c8b4cbe1d6e8340ffcaf244489592a3fc92da (alpine 3.12.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -103,4 +103,3 @@ | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | xvfb | CVE-2021-3472 | HIGH | 1.20.10-r0 | 1.20.10-r1 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1944167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
https://linux.oracle.com/cve/CVE-2021-3472.html
https://linux.oracle.com/errata/ELSA-2021-2033.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
https://lists.x.org/archives/xorg-announce/2021-April/003080.html
https://seclists.org/oss-sec/2021/q2/20
https://security.gentoo.org/glsa/202104-02
https://ubuntu.com/security/notices/USN-4905-1
https://ubuntu.com/security/notices/USN-4905-2
https://www.debian.org/security/2021/dsa-4893
https://www.tenable.com/plugins/nessus/148701
https://www.zerodayinitiative.com/advisories/ZDI-21-463/
| - diff --git a/charts/stable/haste-server/security.md b/charts/stable/haste-server/security.md index 85f92f4d724..47255257ff4 100644 --- a/charts/stable/haste-server/security.md +++ b/charts/stable/haste-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:26.603Z INFO Detected config files: 1 +2021-12-04T19:35:26.603Z INFO Detected config files: 1 #### haste-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:27.411Z INFO Detected OS: alpine -2021-12-04T19:35:27.411Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:27.417Z INFO Number of language-specific files: 0 +2021-12-04T19:35:27.411Z INFO Detected OS: alpine +2021-12-04T19:35:27.411Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:27.417Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/haste-server:latest@sha256:046b4d04aa5c23a7a4de10b678aad8f62932e2ae04b2db123107e753b7929f86** -2021-12-04T19:35:39.144Z INFO Detected OS: ubuntu -2021-12-04T19:35:39.144Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:35:39.146Z INFO Number of language-specific files: 2 -2021-12-04T19:35:39.146Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:35:39.147Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:35:39.144Z INFO Detected OS: ubuntu +2021-12-04T19:35:39.144Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:35:39.146Z INFO Number of language-specific files: 2 +2021-12-04T19:35:39.146Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:35:39.147Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/haste-server:latest@sha256:046b4d04aa5c23a7a4de10b678aad8f62932e2ae04b2db123107e753b7929f86 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -160,7 +160,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -171,8 +171,7 @@ | y18n | CVE-2020-7774 | HIGH | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 |
Click to expand!https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/headphones/security.md b/charts/stable/headphones/security.md index b5aa281ce01..bea3b5b8a34 100644 --- a/charts/stable/headphones/security.md +++ b/charts/stable/headphones/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:39.947Z INFO Detected config files: 1 +2021-12-04T19:35:39.947Z INFO Detected config files: 1 #### headphones/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:41.595Z INFO Detected OS: alpine -2021-12-04T19:35:41.595Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:41.601Z INFO Number of language-specific files: 0 +2021-12-04T19:35:41.595Z INFO Detected OS: alpine +2021-12-04T19:35:41.595Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:41.601Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/headphones:version-58edc604@sha256:f605d077d6d6023e3326421ce02eb81bd962163b68569f8e3953cb5ac2898344** -2021-12-04T19:35:49.088Z INFO Number of language-specific files: 1 -2021-12-04T19:35:49.089Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:35:49.088Z INFO Number of language-specific files: 1 +2021-12-04T19:35:49.089Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -99,4 +99,3 @@ | pip | CVE-2021-28363 | MEDIUM | 20.3.4 | 21.1 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| | pip | CVE-2021-3572 | MEDIUM | 20.3.4 | 21.1 |
Click to expand!https://access.redhat.com/errata/RHSA-2021:3254
https://bugzilla.redhat.com/show_bug.cgi?id=1962856
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
https://github.com/pypa/pip/pull/9827
https://linux.oracle.com/cve/CVE-2021-3572.html
https://linux.oracle.com/errata/ELSA-2021-4455.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3572
https://packetstormsecurity.com/files/162712/USN-4961-1.txt
| | pip | pyup.io-42218 | UNKNOWN | 20.3.4 | 21.1 |
Click to expand!
| - diff --git a/charts/stable/healthchecks/security.md b/charts/stable/healthchecks/security.md index 2a9d0d3a1f9..16e7b1d8c3f 100644 --- a/charts/stable/healthchecks/security.md +++ b/charts/stable/healthchecks/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:52.767Z INFO Detected config files: 1 +2021-12-04T19:35:52.767Z INFO Detected config files: 1 #### healthchecks/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:53.674Z INFO Detected OS: alpine -2021-12-04T19:35:53.674Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:53.681Z INFO Number of language-specific files: 0 +2021-12-04T19:35:53.674Z INFO Detected OS: alpine +2021-12-04T19:35:53.674Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:53.681Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/healthchecks:version-v1.22.0@sha256:234347d239410227e8d4585c467293f7bb59859f2042bad885633c1ff30c98f2** -2021-12-04T19:36:00.327Z INFO Number of language-specific files: 1 -2021-12-04T19:36:00.327Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:36:00.327Z INFO Number of language-specific files: 1 +2021-12-04T19:36:00.327Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/heimdall/security.md b/charts/stable/heimdall/security.md index 60676e27e13..37f027ae66e 100644 --- a/charts/stable/heimdall/security.md +++ b/charts/stable/heimdall/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:36:06.648Z INFO Detected config files: 1 +2021-12-04T19:36:06.648Z INFO Detected config files: 1 #### heimdall/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:07.477Z INFO Detected OS: alpine -2021-12-04T19:36:07.477Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:07.489Z INFO Number of language-specific files: 0 +2021-12-04T19:36:07.477Z INFO Detected OS: alpine +2021-12-04T19:36:07.477Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:07.489Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/heimdall:version-2.2.2@sha256:eedb3180caf7388b206238120405d53baf9783692b14766ffed7bb388fadd6ce** -2021-12-04T19:36:10.412Z INFO Number of language-specific files: 0 +2021-12-04T19:36:10.412Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/home-assistant/security.md b/charts/stable/home-assistant/security.md index e77b6741509..014e4384ddb 100644 --- a/charts/stable/home-assistant/security.md +++ b/charts/stable/home-assistant/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:36:37.444Z INFO Detected config files: 2 +2021-12-04T19:36:37.444Z INFO Detected config files: 2 #### home-assistant/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -37,14 +37,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:39.008Z INFO Detected OS: alpine -2021-12-04T19:36:39.008Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:39.016Z INFO Number of language-specific files: 0 +2021-12-04T19:36:39.008Z INFO Detected OS: alpine +2021-12-04T19:36:39.008Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:39.016Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -72,16 +72,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:36:46.742Z INFO Detected OS: debian -2021-12-04T19:36:46.742Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:36:46.796Z INFO Number of language-specific files: 2 -2021-12-04T19:36:46.796Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:36:46.796Z INFO Detecting jar vulnerabilities... +2021-12-04T19:36:46.742Z INFO Detected OS: debian +2021-12-04T19:36:46.742Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:36:46.796Z INFO Number of language-specific files: 2 +2021-12-04T19:36:46.796Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:36:46.796Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -276,35 +276,35 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: 'tccr.io/truecharts/home-assistant:v2021.11.5@sha256:f4a4f4c85e51e6c08b36329110c95be441f53ac998bc51bc16f5b26290f7f9ef'** **Container: tccr.io/truecharts/home-assistant:v2021.11.5@sha256:f4a4f4c85e51e6c08b36329110c95be441f53ac998bc51bc16f5b26290f7f9ef** -2021-12-04T19:37:29.991Z INFO Detected OS: alpine -2021-12-04T19:37:29.991Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:29.996Z INFO Number of language-specific files: 2 -2021-12-04T19:37:29.996Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:37:29.997Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:37:29.997Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 +2021-12-04T19:37:29.991Z INFO Detected OS: alpine +2021-12-04T19:37:29.991Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:29.996Z INFO Number of language-specific files: 2 +2021-12-04T19:37:29.996Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:37:29.997Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:37:29.997Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 #### tccr.io/truecharts/home-assistant:v2021.11.5@sha256:f4a4f4c85e51e6c08b36329110c95be441f53ac998bc51bc16f5b26290f7f9ef (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -366,7 +366,7 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-34552 | CRITICAL | 8.2.0 | 8.3.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
https://github.com/advisories/GHSA-7534-mm45-c74v
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
https://nvd.nist.gov/vuln/detail/CVE-2021-34552
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
| @@ -381,22 +381,22 @@ | sendgrid | CVE-2021-43572 | CRITICAL | 6.8.2 | 6.9.1 |
Click to expand!https://github.com/advisories/GHSA-92vm-mxjf-jqf3
https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
https://nvd.nist.gov/vuln/detail/CVE-2021-43572
https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:32.610Z INFO Detected OS: alpine -2021-12-04T19:37:32.610Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:32.615Z INFO Number of language-specific files: 0 +2021-12-04T19:37:32.610Z INFO Detected OS: alpine +2021-12-04T19:37:32.610Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:32.615Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -424,16 +424,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:37:42.139Z INFO Detected OS: debian -2021-12-04T19:37:42.139Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:37:42.172Z INFO Number of language-specific files: 2 -2021-12-04T19:37:42.172Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:37:42.172Z INFO Detecting jar vulnerabilities... +2021-12-04T19:37:42.139Z INFO Detected OS: debian +2021-12-04T19:37:42.139Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:37:42.172Z INFO Number of language-specific files: 2 +2021-12-04T19:37:42.172Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:37:42.172Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -628,16 +628,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/hyperion-ng/security.md b/charts/stable/hyperion-ng/security.md index e7ddbe483eb..0b5e8ef6ef2 100644 --- a/charts/stable/hyperion-ng/security.md +++ b/charts/stable/hyperion-ng/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:36:36.480Z INFO Detected config files: 1 +2021-12-04T19:36:36.480Z INFO Detected config files: 1 #### hyperion-ng/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:38.433Z INFO Detected OS: alpine -2021-12-04T19:36:38.433Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:38.440Z INFO Number of language-specific files: 0 +2021-12-04T19:36:38.433Z INFO Detected OS: alpine +2021-12-04T19:36:38.433Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:38.440Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/hyperion.ng:v2.0.12@sha256:630cc8613290119f0d452b600418f2a3f4e78b73923ca47502989c4fc9bb394a** -2021-12-04T19:36:45.512Z INFO Detected OS: debian -2021-12-04T19:36:45.512Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:36:45.547Z INFO Number of language-specific files: 0 +2021-12-04T19:36:45.512Z INFO Detected OS: debian +2021-12-04T19:36:45.512Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:36:45.547Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/hyperion.ng:v2.0.12@sha256:630cc8613290119f0d452b600418f2a3f4e78b73923ca47502989c4fc9bb394a (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -342,4 +342,3 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/charts/stable/icantbelieveitsnotvaletudo/security.md b/charts/stable/icantbelieveitsnotvaletudo/security.md index 84c84d85c41..f733fc38034 100644 --- a/charts/stable/icantbelieveitsnotvaletudo/security.md +++ b/charts/stable/icantbelieveitsnotvaletudo/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:36:46.058Z INFO Detected config files: 1 +2021-12-04T19:36:46.058Z INFO Detected config files: 1 #### icantbelieveitsnotvaletudo/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:48.212Z INFO Detected OS: alpine -2021-12-04T19:36:48.212Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:48.223Z INFO Number of language-specific files: 0 +2021-12-04T19:36:48.212Z INFO Detected OS: alpine +2021-12-04T19:36:48.212Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:48.223Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/icantbelieveitsnotvaletudo:v2021.2.1@sha256:12546c37abe795970d27fda99f78fd45cd25522b11b4c6db6ce98d7484c68883** -2021-12-04T19:36:54.169Z INFO Detected OS: debian -2021-12-04T19:36:54.169Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:36:54.176Z INFO Number of language-specific files: 1 -2021-12-04T19:36:54.176Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:36:54.169Z INFO Detected OS: debian +2021-12-04T19:36:54.169Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:36:54.176Z INFO Number of language-specific files: 1 +2021-12-04T19:36:54.176Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/icantbelieveitsnotvaletudo:v2021.2.1@sha256:12546c37abe795970d27fda99f78fd45cd25522b11b4c6db6ce98d7484c68883 (debian 9.13) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.4.11 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -264,7 +264,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.29.2-1+deb9u1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -281,4 +281,3 @@ | tar | CVE-2021-37713 | HIGH | 4.4.13 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | ws | CVE-2021-32640 | MEDIUM | 7.4.3 | 5.2.3, 6.2.2, 7.4.6 |
Click to expand!https://github.com/advisories/GHSA-6fc8-4gx4-v693
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/issues/1895
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-32640
| | y18n | CVE-2020-7774 | HIGH | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 |
Click to expand!https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/charts/stable/jackett/CHANGELOG.md b/charts/stable/jackett/CHANGELOG.md index 18e92ec017c..766549af199 100644 --- a/charts/stable/jackett/CHANGELOG.md +++ b/charts/stable/jackett/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [jackett-9.0.31](https://github.com/truecharts/apps/compare/jackett-9.0.30...jackett-9.0.31) (2021-12-04) + +#### Chore + +* improve a bit on security docs generation + + + ### [jackett-9.0.30](https://github.com/truecharts/apps/compare/jackett-9.0.28...jackett-9.0.30) (2021-12-04) diff --git a/charts/stable/jackett/security.md b/charts/stable/jackett/security.md index b5dcbf715c0..a8a542a92e7 100644 --- a/charts/stable/jackett/security.md +++ b/charts/stable/jackett/security.md @@ -4,16 +4,6 @@ ##### Scan Results -2021-12-04T19:37:30.988Z INFO Detected config files: 1 -#### jackett/templates/common.yaml - -**kubernetes** - - -| No Vulnerabilities found | -|:---------------------------------| - - ## Containers @@ -26,14 +16,12 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:38.854Z INFO Detected OS: alpine -2021-12-04T19:37:38.854Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:38.864Z INFO Number of language-specific files: 0 -#### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - +#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) + + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +49,12 @@ **Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** -2021-12-04T19:37:43.399Z INFO Detected OS: ubuntu -2021-12-04T19:37:43.399Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:37:43.405Z INFO Number of language-specific files: 1 -2021-12-04T19:37:43.405Z INFO Detecting gobinary vulnerabilities... -#### tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) - +#### Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) + + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -148,10 +133,10 @@ | python3.8-minimal | CVE-2021-29921 | MEDIUM | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 |
Click to expand!https://bugs.python.org/issue36384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
https://docs.python.org/3/library/ipaddress.html
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
https://github.com/python/cpython/pull/12577
https://github.com/python/cpython/pull/25099
https://github.com/sickcodes
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://security.netapp.com/advisory/ntap-20210622-0003/
https://sick.codes/sick-2021-014
https://ubuntu.com/security/notices/USN-4973-1
https://ubuntu.com/security/notices/USN-4973-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | python3.8-minimal | CVE-2021-3737 | MEDIUM | 3.8.10-0ubuntu1~20.04 | |
Click to expand!https://bugs.python.org/issue44022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://ubuntu.com/security/notices/USN-5083-1
| | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/jdownloader2/security.md b/charts/stable/jdownloader2/security.md index 46f3d833c16..ae39ee0d19f 100644 --- a/charts/stable/jdownloader2/security.md +++ b/charts/stable/jdownloader2/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:37:30.386Z INFO Detected config files: 1 +2021-12-04T19:37:30.386Z INFO Detected config files: 1 #### jdownloader2/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:32.014Z INFO Detected OS: alpine -2021-12-04T19:37:32.014Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:32.018Z INFO Number of language-specific files: 0 +2021-12-04T19:37:32.014Z INFO Detected OS: alpine +2021-12-04T19:37:32.014Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:32.018Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/jdownloader-2:v1.7.1@sha256:f5c7103d8870367cae893099a9a26929860ca5a13ebc7a1e4e335f1f296c40dd** -2021-12-04T19:37:37.973Z INFO Detected OS: alpine -2021-12-04T19:37:37.973Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:37.980Z INFO Number of language-specific files: 0 +2021-12-04T19:37:37.973Z INFO Detected OS: alpine +2021-12-04T19:37:37.973Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:37.980Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/jdownloader-2:v1.7.1@sha256:f5c7103d8870367cae893099a9a26929860ca5a13ebc7a1e4e335f1f296c40dd (alpine 3.12.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -115,4 +115,3 @@ | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | xvfb | CVE-2021-3472 | HIGH | 1.20.10-r0 | 1.20.10-r1 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1944167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
https://linux.oracle.com/cve/CVE-2021-3472.html
https://linux.oracle.com/errata/ELSA-2021-2033.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
https://lists.x.org/archives/xorg-announce/2021-April/003080.html
https://seclists.org/oss-sec/2021/q2/20
https://security.gentoo.org/glsa/202104-02
https://ubuntu.com/security/notices/USN-4905-1
https://ubuntu.com/security/notices/USN-4905-2
https://www.debian.org/security/2021/dsa-4893
https://www.tenable.com/plugins/nessus/148701
https://www.zerodayinitiative.com/advisories/ZDI-21-463/
| - diff --git a/charts/stable/jellyfin/security.md b/charts/stable/jellyfin/security.md index 2478ebd5114..de3604edb86 100644 --- a/charts/stable/jellyfin/security.md +++ b/charts/stable/jellyfin/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:37:30.683Z INFO Detected config files: 1 +2021-12-04T19:37:30.683Z INFO Detected config files: 1 #### jellyfin/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:41.491Z INFO Detected OS: alpine -2021-12-04T19:37:41.491Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:41.501Z INFO Number of language-specific files: 0 +2021-12-04T19:37:41.491Z INFO Detected OS: alpine +2021-12-04T19:37:41.491Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:41.501Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/jellyfin:v10.7.7@sha256:20febcab671b5281c5ecf8b792860119c9bda4806815bc2764660173b1866924** -2021-12-04T19:38:05.263Z INFO Detected OS: debian -2021-12-04T19:38:05.263Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:38:05.305Z INFO Number of language-specific files: 0 +2021-12-04T19:38:05.263Z INFO Detected OS: debian +2021-12-04T19:38:05.263Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:38:05.305Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/jellyfin:v10.7.7@sha256:20febcab671b5281c5ecf8b792860119c9bda4806815bc2764660173b1866924 (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -238,4 +238,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/charts/stable/joplin-server/security.md b/charts/stable/joplin-server/security.md index ab6478dadf3..cc506e3ac8f 100644 --- a/charts/stable/joplin-server/security.md +++ b/charts/stable/joplin-server/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:38:29.736Z INFO Detected config files: 2 +2021-12-04T19:38:29.736Z INFO Detected config files: 2 #### joplin-server/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:38:34.351Z INFO Detected OS: alpine -2021-12-04T19:38:34.351Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:38:34.355Z INFO Number of language-specific files: 0 +2021-12-04T19:38:34.351Z INFO Detected OS: alpine +2021-12-04T19:38:34.351Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:38:34.355Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:38:36.186Z INFO Detected OS: debian -2021-12-04T19:38:36.186Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:38:36.230Z INFO Number of language-specific files: 2 -2021-12-04T19:38:36.230Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:38:36.230Z INFO Detecting jar vulnerabilities... +2021-12-04T19:38:36.186Z INFO Detected OS: debian +2021-12-04T19:38:36.186Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:38:36.230Z INFO Number of language-specific files: 2 +2021-12-04T19:38:36.230Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:38:36.230Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/joplin-server:v2.5.1@sha256:a285ff0cf05f534efd28c6652925b57a9774ba41923d15536b873fbbdbabcd2b** -2021-12-04T19:39:07.601Z INFO Detected OS: debian -2021-12-04T19:39:07.601Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:07.729Z INFO Number of language-specific files: 1 -2021-12-04T19:39:07.729Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:39:07.601Z INFO Detected OS: debian +2021-12-04T19:39:07.601Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:07.729Z INFO Number of language-specific files: 1 +2021-12-04T19:39:07.729Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/joplin-server:v2.5.1@sha256:a285ff0cf05f534efd28c6652925b57a9774ba41923d15536b873fbbdbabcd2b (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1107,7 +1107,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.21-1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @npmcli/arborist | CVE-2021-39134 | HIGH | 2.4.2 | 2.8.2 |
Click to expand!https://github.com/advisories/GHSA-2h3h-q99f-3fhc
https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
https://www.npmjs.com/package/@npmcli/arborist
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -1216,14 +1216,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:12.195Z INFO Detected OS: alpine -2021-12-04T19:39:12.195Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:12.203Z INFO Number of language-specific files: 0 +2021-12-04T19:39:12.195Z INFO Detected OS: alpine +2021-12-04T19:39:12.195Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:12.203Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1251,16 +1251,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:39:14.433Z INFO Detected OS: debian -2021-12-04T19:39:14.433Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:14.465Z INFO Number of language-specific files: 2 -2021-12-04T19:39:14.465Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:39:14.465Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:14.433Z INFO Detected OS: debian +2021-12-04T19:39:14.433Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:14.465Z INFO Number of language-specific files: 2 +2021-12-04T19:39:14.465Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:39:14.465Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1455,16 +1455,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/kanboard/security.md b/charts/stable/kanboard/security.md index 37da380a89e..4cba7f93268 100644 --- a/charts/stable/kanboard/security.md +++ b/charts/stable/kanboard/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:39:11.375Z INFO Detected config files: 2 +2021-12-04T19:39:11.375Z INFO Detected config files: 2 #### kanboard/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:13.809Z INFO Detected OS: alpine -2021-12-04T19:39:13.809Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:13.818Z INFO Number of language-specific files: 0 +2021-12-04T19:39:13.809Z INFO Detected OS: alpine +2021-12-04T19:39:13.809Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:13.818Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:39:27.869Z INFO Detected OS: debian -2021-12-04T19:39:27.869Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:27.908Z INFO Number of language-specific files: 2 -2021-12-04T19:39:27.908Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:39:27.908Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:27.869Z INFO Detected OS: debian +2021-12-04T19:39:27.869Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:27.908Z INFO Number of language-specific files: 2 +2021-12-04T19:39:27.908Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:39:27.908Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,29 +275,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/kanboard:v1.2.20@sha256:1f953b23bf30dbea50a0db78a838c811859d83ab79fe259a93e8fdfe113392f6** -2021-12-04T19:39:31.140Z INFO Detected OS: alpine -2021-12-04T19:39:31.140Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:31.184Z INFO Number of language-specific files: 0 +2021-12-04T19:39:31.140Z INFO Detected OS: alpine +2021-12-04T19:39:31.140Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:31.184Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/kanboard:v1.2.20@sha256:1f953b23bf30dbea50a0db78a838c811859d83ab79fe259a93e8fdfe113392f6 (alpine 3.13.5) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.12.5-r0 | 2.12.6-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -455,14 +455,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:31.997Z INFO Detected OS: alpine -2021-12-04T19:39:31.997Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:32.004Z INFO Number of language-specific files: 0 +2021-12-04T19:39:31.997Z INFO Detected OS: alpine +2021-12-04T19:39:31.997Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:32.004Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -490,16 +490,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:39:32.887Z INFO Detected OS: debian -2021-12-04T19:39:32.888Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:32.957Z INFO Number of language-specific files: 2 -2021-12-04T19:39:32.957Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:39:32.957Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:32.887Z INFO Detected OS: debian +2021-12-04T19:39:32.888Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:32.957Z INFO Number of language-specific files: 2 +2021-12-04T19:39:32.957Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:39:32.957Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -694,16 +694,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/kms/security.md b/charts/stable/kms/security.md index 6c81d00bb66..01021a4f957 100644 --- a/charts/stable/kms/security.md +++ b/charts/stable/kms/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:38:34.872Z INFO Detected config files: 1 +2021-12-04T19:38:34.872Z INFO Detected config files: 1 #### kms/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:38:36.884Z INFO Detected OS: alpine -2021-12-04T19:38:36.884Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:38:36.890Z INFO Number of language-specific files: 0 +2021-12-04T19:38:36.884Z INFO Detected OS: alpine +2021-12-04T19:38:36.884Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:38:36.890Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/kms:vminimal@sha256:808c060d4ad8cc05bf3bee5d959683f884845d3d625829bcb9e79d18a2c701fd** -2021-12-04T19:39:10.268Z INFO Detected OS: alpine -2021-12-04T19:39:10.268Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:10.270Z INFO Number of language-specific files: 1 -2021-12-04T19:39:10.270Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:39:10.268Z INFO Detected OS: alpine +2021-12-04T19:39:10.268Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:10.270Z INFO Number of language-specific files: 1 +2021-12-04T19:39:10.270Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/kms:vminimal@sha256:808c060d4ad8cc05bf3bee5d959683f884845d3d625829bcb9e79d18a2c701fd (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,9 +96,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/komga/security.md b/charts/stable/komga/security.md index b7e5bf93038..cc9db4683f4 100644 --- a/charts/stable/komga/security.md +++ b/charts/stable/komga/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:39:10.687Z INFO Detected config files: 1 +2021-12-04T19:39:10.687Z INFO Detected config files: 1 #### komga/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:12.816Z INFO Detected OS: alpine -2021-12-04T19:39:12.816Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:12.821Z INFO Number of language-specific files: 0 +2021-12-04T19:39:12.816Z INFO Detected OS: alpine +2021-12-04T19:39:12.816Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:12.821Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/komga:v0.134.0@sha256:b38ff9fd6502fe1272adef4d8b0780e3164ed32a4ccac21ada0912a1cc4a16e1** -2021-12-04T19:39:26.642Z INFO Detected OS: ubuntu -2021-12-04T19:39:26.642Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:39:26.646Z INFO Number of language-specific files: 1 -2021-12-04T19:39:26.646Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:26.642Z INFO Detected OS: ubuntu +2021-12-04T19:39:26.642Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:39:26.646Z INFO Number of language-specific files: 1 +2021-12-04T19:39:26.646Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/komga:v0.134.0@sha256:b38ff9fd6502fe1272adef4d8b0780e3164ed32a4ccac21ada0912a1cc4a16e1 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.6.12ubuntu0.1 | 1.6.12ubuntu0.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -261,7 +261,7 @@ | tar | CVE-2019-9923 | LOW | 1.29b-2ubuntu0.1 | 1.29b-2ubuntu0.2 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | org.apache.activemq:artemis-server | CVE-2020-13947 | MEDIUM | 2.17.0 | |
Click to expand!http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13947
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -275,4 +275,3 @@ | org.jsoup:jsoup | CVE-2021-37714 | HIGH | 1.13.1 | 1.14.2 |
Click to expand!https://github.com/advisories/GHSA-m72m-mhq2-9p6c
https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
https://jsoup.org/news/release-1.14.1
https://jsoup.org/news/release-1.14.2
https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa@%3Cnotifications.james.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-37714
| | org.springframework.data:spring-data-rest-core | CVE-2021-22047 | MEDIUM | 3.5.5 | 3.4.14, 3.5.6 |
Click to expand!https://nvd.nist.gov/vuln/detail/CVE-2021-22047
https://tanzu.vmware.com/security/cve-2021-22047
| | org.thymeleaf:thymeleaf-spring5 | CVE-2021-43466 | CRITICAL | 3.0.12.RELEASE | |
Click to expand!https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html
https://github.com/advisories/GHSA-qcj6-jqrg-4wp2
https://nvd.nist.gov/vuln/detail/CVE-2021-43466
| - diff --git a/charts/stable/lazylibrarian/security.md b/charts/stable/lazylibrarian/security.md index 8c2277a63b1..d0338f3c6b7 100644 --- a/charts/stable/lazylibrarian/security.md +++ b/charts/stable/lazylibrarian/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:39:50.026Z INFO Detected config files: 1 +2021-12-04T19:39:50.026Z INFO Detected config files: 1 #### lazylibrarian/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:50.808Z INFO Detected OS: alpine -2021-12-04T19:39:50.808Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:50.814Z INFO Number of language-specific files: 0 +2021-12-04T19:39:50.808Z INFO Detected OS: alpine +2021-12-04T19:39:50.808Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:50.814Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/lazylibrarian:latest@sha256:39be22df562748105a54b77ed8914e097cae98a1ccfde86f975c288588d1a71a** -2021-12-04T19:39:55.865Z INFO Detected OS: ubuntu -2021-12-04T19:39:55.866Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:39:55.881Z INFO Number of language-specific files: 1 -2021-12-04T19:39:55.881Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:39:55.865Z INFO Detected OS: ubuntu +2021-12-04T19:39:55.866Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:39:55.881Z INFO Number of language-specific files: 1 +2021-12-04T19:39:55.881Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/lazylibrarian:latest@sha256:39be22df562748105a54b77ed8914e097cae98a1ccfde86f975c288588d1a71a (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -226,9 +226,6 @@ | python3.6-minimal | CVE-2021-3426 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/leaf2mqtt/security.md b/charts/stable/leaf2mqtt/security.md index 608a593964f..c1bc967addf 100644 --- a/charts/stable/leaf2mqtt/security.md +++ b/charts/stable/leaf2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:04.190Z INFO Detected config files: 1 +2021-12-04T19:40:04.190Z INFO Detected config files: 1 #### leaf2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:05.150Z INFO Detected OS: alpine -2021-12-04T19:40:05.150Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:05.158Z INFO Number of language-specific files: 0 +2021-12-04T19:40:05.150Z INFO Detected OS: alpine +2021-12-04T19:40:05.150Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:05.158Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/leaf2mqtt:v0.5@sha256:0073361400f5f077d4eece95d6e13a86b7744fc564bd1bed151e8afcc6bdf143** -2021-12-04T19:40:23.115Z INFO Detected OS: debian -2021-12-04T19:40:23.115Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:40:23.145Z INFO Number of language-specific files: 0 +2021-12-04T19:40:23.115Z INFO Detected OS: debian +2021-12-04T19:40:23.115Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:40:23.145Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/leaf2mqtt:v0.5@sha256:0073361400f5f077d4eece95d6e13a86b7744fc564bd1bed151e8afcc6bdf143 (debian 10.9) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -285,4 +285,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/charts/stable/librespeed/security.md b/charts/stable/librespeed/security.md index 50b3fd1d09b..95b25254ddb 100644 --- a/charts/stable/librespeed/security.md +++ b/charts/stable/librespeed/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:24.330Z INFO Detected config files: 1 +2021-12-04T19:40:24.330Z INFO Detected config files: 1 #### librespeed/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:25.682Z INFO Detected OS: alpine -2021-12-04T19:40:25.682Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:25.689Z INFO Number of language-specific files: 0 +2021-12-04T19:40:25.682Z INFO Detected OS: alpine +2021-12-04T19:40:25.682Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:25.689Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/librespeed:version-5.2.4@sha256:c441bc4d4d086a95966e93b4dea82674d1a258774f97084b02e87c0bc38deb2a** -2021-12-04T19:40:37.744Z INFO Number of language-specific files: 0 +2021-12-04T19:40:37.744Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/lidarr/security.md b/charts/stable/lidarr/security.md index 7d1f84471c2..4fabf7b4f4b 100644 --- a/charts/stable/lidarr/security.md +++ b/charts/stable/lidarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:23.709Z INFO Detected config files: 1 +2021-12-04T19:40:23.709Z INFO Detected config files: 1 #### lidarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:25.110Z INFO Detected OS: alpine -2021-12-04T19:40:25.110Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:25.123Z INFO Number of language-specific files: 0 +2021-12-04T19:40:25.110Z INFO Detected OS: alpine +2021-12-04T19:40:25.110Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:25.123Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/lidarr:v1.0.0.2255@sha256:73262a0dcd0b594cc77a8f232e11aad4e54bbeee0f2ab33c7cda3b83ab298b40** -2021-12-04T19:40:35.749Z INFO Detected OS: ubuntu -2021-12-04T19:40:35.750Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:40:35.752Z INFO Number of language-specific files: 1 -2021-12-04T19:40:35.752Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:40:35.749Z INFO Detected OS: ubuntu +2021-12-04T19:40:35.750Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:40:35.752Z INFO Number of language-specific files: 1 +2021-12-04T19:40:35.752Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/lidarr:v1.0.0.2255@sha256:73262a0dcd0b594cc77a8f232e11aad4e54bbeee0f2ab33c7cda3b83ab298b40 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -395,8 +395,7 @@ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/littlelink/security.md b/charts/stable/littlelink/security.md index cc402017dd8..48365dca9dd 100644 --- a/charts/stable/littlelink/security.md +++ b/charts/stable/littlelink/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:38.362Z INFO Detected config files: 1 +2021-12-04T19:40:38.362Z INFO Detected config files: 1 #### littlelink/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:39.237Z INFO Detected OS: alpine -2021-12-04T19:40:39.237Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:39.240Z INFO Number of language-specific files: 0 +2021-12-04T19:40:39.237Z INFO Detected OS: alpine +2021-12-04T19:40:39.237Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:39.240Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,24 +61,23 @@ **Container: tccr.io/truecharts/littlelink-server:latest@sha256:29d95d1d215342d2e627a082b0049116c627781517b3626a8afd9af97f26b605** -2021-12-04T19:40:45.157Z INFO Detected OS: alpine -2021-12-04T19:40:45.157Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:45.158Z INFO Number of language-specific files: 1 -2021-12-04T19:40:45.158Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:40:45.157Z INFO Detected OS: alpine +2021-12-04T19:40:45.157Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:45.158Z INFO Number of language-specific files: 1 +2021-12-04T19:40:45.158Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/littlelink-server:latest@sha256:29d95d1d215342d2e627a082b0049116c627781517b3626a8afd9af97f26b605 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| - diff --git a/charts/stable/logitech-media-server/security.md b/charts/stable/logitech-media-server/security.md index 5a968307a88..19175cf241c 100644 --- a/charts/stable/logitech-media-server/security.md +++ b/charts/stable/logitech-media-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:05.970Z INFO Detected config files: 1 +2021-12-04T19:41:05.970Z INFO Detected config files: 1 #### logitech-media-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:06.757Z INFO Detected OS: alpine -2021-12-04T19:41:06.757Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:06.761Z INFO Number of language-specific files: 0 +2021-12-04T19:41:06.757Z INFO Detected OS: alpine +2021-12-04T19:41:06.757Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:06.761Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/logitechmediaserver:v8.3.0@sha256:9a3d016f99856b8a1ce846a70b1c17dbf8c730030850e48a1b2c632952510dc4** -2021-12-04T19:41:11.023Z INFO Detected OS: debian -2021-12-04T19:41:11.023Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:11.061Z INFO Number of language-specific files: 0 +2021-12-04T19:41:11.023Z INFO Detected OS: debian +2021-12-04T19:41:11.023Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:11.061Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/logitechmediaserver:v8.3.0@sha256:9a3d016f99856b8a1ce846a70b1c17dbf8c730030850e48a1b2c632952510dc4 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -160,4 +160,3 @@ | perl-modules-5.32 | CVE-2011-4116 | LOW | 5.32.1-4+deb11u2 | |
Click to expand!http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238
| | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| | wget | CVE-2021-31879 | MEDIUM | 1.21-1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| - diff --git a/charts/stable/loki/security.md b/charts/stable/loki/security.md index 15ce6f21470..b05e525acc8 100644 --- a/charts/stable/loki/security.md +++ b/charts/stable/loki/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:41:40.630Z INFO Detected config files: 2 +2021-12-04T19:41:40.630Z INFO Detected config files: 2 #### loki/charts/promtail/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:41.885Z INFO Detected OS: alpine -2021-12-04T19:41:41.885Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:41.892Z INFO Number of language-specific files: 0 +2021-12-04T19:41:41.885Z INFO Detected OS: alpine +2021-12-04T19:41:41.885Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:41.892Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/loki:v2.4.1@sha256:79c6f31e246f6edac4efa651f1e246273bd1370bb140d1fa4f3fe143c2251aff** -2021-12-04T19:41:45.496Z INFO Detected OS: alpine -2021-12-04T19:41:45.497Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:45.497Z INFO Number of language-specific files: 1 -2021-12-04T19:41:45.497Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:41:45.496Z INFO Detected OS: alpine +2021-12-04T19:41:45.497Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:45.497Z INFO Number of language-specific files: 1 +2021-12-04T19:41:45.497Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/loki:v2.4.1@sha256:79c6f31e246f6edac4efa651f1e246273bd1370bb140d1fa4f3fe143c2251aff (alpine 3.13.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -105,21 +105,21 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:52.703Z INFO Detected OS: alpine -2021-12-04T19:41:52.703Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:52.717Z INFO Number of language-specific files: 0 +2021-12-04T19:41:52.703Z INFO Detected OS: alpine +2021-12-04T19:41:52.703Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:52.717Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -147,15 +147,15 @@ **Container: tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4** -2021-12-04T19:41:58.361Z INFO Detected OS: debian -2021-12-04T19:41:58.361Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:58.373Z INFO Number of language-specific files: 1 -2021-12-04T19:41:58.373Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:41:58.361Z INFO Detected OS: debian +2021-12-04T19:41:58.361Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:58.373Z INFO Number of language-specific files: 1 +2021-12-04T19:41:58.373Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -225,9 +225,8 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.5.4 | v1.4.11, v1.5.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
https://ubuntu.com/security/notices/USN-5100-1
https://www.debian.org/security/2021/dsa-5002
| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| - diff --git a/charts/stable/lychee/security.md b/charts/stable/lychee/security.md index 1eecb0353be..89033d060d5 100644 --- a/charts/stable/lychee/security.md +++ b/charts/stable/lychee/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:25.342Z INFO Detected config files: 1 +2021-12-04T19:41:25.342Z INFO Detected config files: 1 #### lychee/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:26.619Z INFO Detected OS: alpine -2021-12-04T19:41:26.619Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:26.626Z INFO Number of language-specific files: 0 +2021-12-04T19:41:26.619Z INFO Detected OS: alpine +2021-12-04T19:41:26.619Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:26.626Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/lychee-laravel:v4.3.6@sha256:4bed7b11de627f40477b8865869cd757610969dcecbafaa1a1aac4ea1e8ae1bf** -2021-12-04T19:41:39.790Z INFO Detected OS: debian -2021-12-04T19:41:39.790Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:39.889Z INFO Number of language-specific files: 1 -2021-12-04T19:41:39.889Z INFO Detecting composer vulnerabilities... +2021-12-04T19:41:39.790Z INFO Detected OS: debian +2021-12-04T19:41:39.790Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:39.889Z INFO Number of language-specific files: 1 +2021-12-04T19:41:39.889Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/lychee-laravel:v4.3.6@sha256:4bed7b11de627f40477b8865869cd757610969dcecbafaa1a1aac4ea1e8ae1bf (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -342,8 +342,7 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/http-kernel | CVE-2021-41267 | MEDIUM | v5.2.9 | 5.3.0, 5.3.12 |
Click to expand!https://github.com/advisories/GHSA-q3j3-w37x-hq2q
https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
https://github.com/symfony/symfony/pull/44243
https://github.com/symfony/symfony/releases/tag/v5.3.12
https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
https://nvd.nist.gov/vuln/detail/CVE-2021-41267
https://symfony.com/cve-2021-41267
| - diff --git a/charts/stable/mealie/security.md b/charts/stable/mealie/security.md index 01d46f74146..1f4f39dadc3 100644 --- a/charts/stable/mealie/security.md +++ b/charts/stable/mealie/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:41.205Z INFO Detected config files: 1 +2021-12-04T19:41:41.205Z INFO Detected config files: 1 #### mealie/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:42.520Z INFO Detected OS: alpine -2021-12-04T19:41:42.520Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:42.534Z INFO Number of language-specific files: 0 +2021-12-04T19:41:42.520Z INFO Detected OS: alpine +2021-12-04T19:41:42.520Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:42.534Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/mealie:v0.5.4@sha256:52a05feaf3cac813c0540e8c59b0f99900662558254c657e9d0335f0d9c8b4a9** -2021-12-04T19:41:51.738Z INFO Detected OS: debian -2021-12-04T19:41:51.738Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:51.755Z INFO Number of language-specific files: 2 -2021-12-04T19:41:51.755Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:41:51.755Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:41:51.738Z INFO Detected OS: debian +2021-12-04T19:41:51.738Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:51.755Z INFO Number of language-specific files: 2 +2021-12-04T19:41:51.755Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:41:51.755Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/mealie:v0.5.4@sha256:52a05feaf3cac813c0540e8c59b0f99900662558254c657e9d0335f0d9c8b4a9 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -159,7 +159,7 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apprise | CVE-2021-39229 | HIGH | 0.9.3 | 0.9.5.1 |
Click to expand!https://github.com/advisories/GHSA-qhmp-h54x-38qr
https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359
https://github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831
https://github.com/caronc/apprise/pull/436
https://github.com/caronc/apprise/releases/tag/v0.9.5.1
https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr
https://nvd.nist.gov/vuln/detail/CVE-2021-39229
| @@ -170,9 +170,6 @@ | websockets | CVE-2021-33880 | MEDIUM | 8.1 | 9.1 |
Click to expand!https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
https://github.com/advisories/GHSA-8ch4-58qp-g3mp
https://nvd.nist.gov/vuln/detail/CVE-2021-33880
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/medusa/security.md b/charts/stable/medusa/security.md index ec1b3f91101..73816139d2a 100644 --- a/charts/stable/medusa/security.md +++ b/charts/stable/medusa/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:53.361Z INFO Detected config files: 1 +2021-12-04T19:41:53.361Z INFO Detected config files: 1 #### medusa/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:59.388Z INFO Detected OS: alpine -2021-12-04T19:41:59.388Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:59.398Z INFO Number of language-specific files: 0 +2021-12-04T19:41:59.388Z INFO Detected OS: alpine +2021-12-04T19:41:59.388Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:59.398Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/medusa:v0.5.20@sha256:5de16df497fc0800e47cbd5761c04966403d38445ba54f076f336e70437d3cd9** -2021-12-04T19:42:07.267Z INFO Number of language-specific files: 1 -2021-12-04T19:42:07.267Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:42:07.267Z INFO Number of language-specific files: 1 +2021-12-04T19:42:07.267Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/miniflux/security.md b/charts/stable/miniflux/security.md index 999dd3becab..a34c1e50244 100644 --- a/charts/stable/miniflux/security.md +++ b/charts/stable/miniflux/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:42:28.048Z INFO Detected config files: 2 +2021-12-04T19:42:28.048Z INFO Detected config files: 2 #### miniflux/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:28.842Z INFO Detected OS: alpine -2021-12-04T19:42:28.842Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:28.855Z INFO Number of language-specific files: 0 +2021-12-04T19:42:28.842Z INFO Detected OS: alpine +2021-12-04T19:42:28.842Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:28.855Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:42:29.701Z INFO Detected OS: debian -2021-12-04T19:42:29.701Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:42:29.743Z INFO Number of language-specific files: 2 -2021-12-04T19:42:29.743Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:42:29.743Z INFO Detecting jar vulnerabilities... +2021-12-04T19:42:29.701Z INFO Detected OS: debian +2021-12-04T19:42:29.701Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:42:29.743Z INFO Number of language-specific files: 2 +2021-12-04T19:42:29.743Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:42:29.743Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/miniflux:v2.0.33@sha256:1fcc67ba8a5e9f06c6b67bc654b3276d51c304cb3a2ac4985114b6785c149cb2** -2021-12-04T19:42:31.561Z INFO Detected OS: alpine -2021-12-04T19:42:31.561Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:31.561Z INFO Number of language-specific files: 1 -2021-12-04T19:42:31.561Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:42:31.561Z INFO Detected OS: alpine +2021-12-04T19:42:31.561Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:31.561Z INFO Number of language-specific files: 1 +2021-12-04T19:42:31.561Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/miniflux:v2.0.33@sha256:1fcc67ba8a5e9f06c6b67bc654b3276d51c304cb3a2ac4985114b6785c149cb2 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -325,21 +325,21 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:32.314Z INFO Detected OS: alpine -2021-12-04T19:42:32.314Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:32.320Z INFO Number of language-specific files: 0 +2021-12-04T19:42:32.314Z INFO Detected OS: alpine +2021-12-04T19:42:32.314Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:32.320Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -367,16 +367,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:42:33.524Z INFO Detected OS: debian -2021-12-04T19:42:33.524Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:42:33.565Z INFO Number of language-specific files: 2 -2021-12-04T19:42:33.565Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:42:33.565Z INFO Detecting jar vulnerabilities... +2021-12-04T19:42:33.524Z INFO Detected OS: debian +2021-12-04T19:42:33.524Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:42:33.565Z INFO Number of language-specific files: 2 +2021-12-04T19:42:33.565Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:42:33.565Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -571,16 +571,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/minio-console/security.md b/charts/stable/minio-console/security.md index dc1f68d9ea2..4c17237ffcd 100644 --- a/charts/stable/minio-console/security.md +++ b/charts/stable/minio-console/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:42:35.148Z INFO Detected config files: 1 +2021-12-04T19:42:35.148Z INFO Detected config files: 1 #### minio-console/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:36.143Z INFO Detected OS: alpine -2021-12-04T19:42:36.143Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:36.149Z INFO Number of language-specific files: 0 +2021-12-04T19:42:36.143Z INFO Detected OS: alpine +2021-12-04T19:42:36.143Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:36.149Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -60,5 +60,3 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **Container: tccr.io/truecharts/minio-console:v0.12.5@sha256:95b3c2b2e67b8f61f5d3e09c37875a37b9f4aeaa47f392c02dba191b041517d1** - - diff --git a/charts/stable/minio/security.md b/charts/stable/minio/security.md index 2e1bb7c658c..15094e7c2f2 100644 --- a/charts/stable/minio/security.md +++ b/charts/stable/minio/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:42:49.584Z INFO Detected config files: 1 +2021-12-04T19:42:49.584Z INFO Detected config files: 1 #### minio/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:51.014Z INFO Detected OS: alpine -2021-12-04T19:42:51.014Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:51.021Z INFO Number of language-specific files: 0 +2021-12-04T19:42:51.014Z INFO Detected OS: alpine +2021-12-04T19:42:51.014Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:51.021Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/minio:latest@sha256:8129f69c85b84e13f085a1ce127f108cee0ea84a1f496e8065796c7a15a08442** -2021-12-04T19:42:57.834Z INFO Detected OS: redhat -2021-12-04T19:42:57.834Z INFO Detecting RHEL/CentOS vulnerabilities... -2021-12-04T19:42:57.837Z INFO Number of language-specific files: 1 +2021-12-04T19:42:57.834Z INFO Detected OS: redhat +2021-12-04T19:42:57.834Z INFO Detecting RHEL/CentOS vulnerabilities... +2021-12-04T19:42:57.837Z INFO Number of language-specific files: 1 #### tccr.io/truecharts/minio:latest@sha256:8129f69c85b84e13f085a1ce127f108cee0ea84a1f496e8065796c7a15a08442 (redhat 8.4) - + **redhat** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bzip2-libs | CVE-2019-12900 | LOW | 1.0.6-26.el8 | |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
https://seclists.org/bugtraq/2019/Aug/4
https://seclists.org/bugtraq/2019/Jul/22
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-4038-1
https://ubuntu.com/security/notices/USN-4038-2
https://ubuntu.com/security/notices/USN-4038-3
https://ubuntu.com/security/notices/USN-4038-4
https://ubuntu.com/security/notices/USN-4146-1
https://ubuntu.com/security/notices/USN-4146-2
https://usn.ubuntu.com/4038-1/
https://usn.ubuntu.com/4038-2/
https://usn.ubuntu.com/4146-1/
https://usn.ubuntu.com/4146-2/
https://www.oracle.com/security-alerts/cpuoct2020.html
| @@ -173,4 +173,3 @@ | sqlite-libs | CVE-2019-9936 | LOW | 3.26.0-13.el8 | |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html
http://www.securityfocus.com/bid/107562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/
https://security.gentoo.org/glsa/201908-09
https://security.netapp.com/advisory/ntap-20190416-0005/
https://sqlite.org/src/info/b3fa58dd7403dbd4
https://ubuntu.com/security/notices/USN-4019-1
https://usn.ubuntu.com/4019-1/
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| | sqlite-libs | CVE-2019-9937 | LOW | 3.26.0-13.el8 | |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html
http://www.securityfocus.com/bid/107562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/
https://security.gentoo.org/glsa/201908-09
https://security.netapp.com/advisory/ntap-20190416-0005/
https://sqlite.org/src/info/45c73deb440496e8
https://ubuntu.com/security/notices/USN-4019-1
https://usn.ubuntu.com/4019-1/
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| | systemd-libs | CVE-2018-20839 | MEDIUM | 239-45.el8_4.3 | |
Click to expand!http://www.securityfocus.com/bid/108389
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
https://github.com/systemd/systemd/pull/12378
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.netapp.com/advisory/ntap-20190530-0002/
| - diff --git a/charts/stable/mosquitto/security.md b/charts/stable/mosquitto/security.md index 11da3aa2ba5..a9b3603ff6e 100644 --- a/charts/stable/mosquitto/security.md +++ b/charts/stable/mosquitto/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:42:58.623Z INFO Detected config files: 1 +2021-12-04T19:42:58.623Z INFO Detected config files: 1 #### mosquitto/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:59.848Z INFO Detected OS: alpine -2021-12-04T19:42:59.848Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:59.852Z INFO Number of language-specific files: 0 +2021-12-04T19:42:59.848Z INFO Detected OS: alpine +2021-12-04T19:42:59.848Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:59.852Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,13 @@ **Container: tccr.io/truecharts/eclipse-mosquitto:v2.0.14@sha256:047eb800158878c1bea9e6281e2dc3081b53b61ca10fdca5a17816c6fbe15216** -2021-12-04T19:43:01.308Z INFO Detected OS: alpine -2021-12-04T19:43:01.308Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:01.309Z INFO Number of language-specific files: 0 +2021-12-04T19:43:01.308Z INFO Detected OS: alpine +2021-12-04T19:43:01.308Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:01.309Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/eclipse-mosquitto:v2.0.14@sha256:047eb800158878c1bea9e6281e2dc3081b53b61ca10fdca5a17816c6fbe15216 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/mstream/security.md b/charts/stable/mstream/security.md index c6102b79f70..66010431f95 100644 --- a/charts/stable/mstream/security.md +++ b/charts/stable/mstream/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:21.772Z INFO Detected config files: 1 +2021-12-04T19:43:21.772Z INFO Detected config files: 1 #### mstream/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:23.265Z INFO Detected OS: alpine -2021-12-04T19:43:23.265Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:23.272Z INFO Number of language-specific files: 0 +2021-12-04T19:43:23.265Z INFO Detected OS: alpine +2021-12-04T19:43:23.265Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:23.272Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/mstream:version-v5.2.5@sha256:1ac2f1c3177e09428cf5be1f33c7110863b69a748f691f8385dc96a313d84e7b** -2021-12-04T19:43:34.582Z INFO Number of language-specific files: 6 -2021-12-04T19:43:34.582Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:43:34.583Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:43:34.582Z INFO Number of language-specific files: 6 +2021-12-04T19:43:34.582Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:43:34.583Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -77,37 +77,34 @@ | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/muximux/security.md b/charts/stable/muximux/security.md index d443fedd394..304c14406ff 100644 --- a/charts/stable/muximux/security.md +++ b/charts/stable/muximux/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:23.815Z INFO Detected config files: 1 +2021-12-04T19:43:23.815Z INFO Detected config files: 1 #### muximux/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:36.042Z INFO Detected OS: alpine -2021-12-04T19:43:36.042Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:36.048Z INFO Number of language-specific files: 0 +2021-12-04T19:43:36.042Z INFO Detected OS: alpine +2021-12-04T19:43:36.042Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:36.048Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/muximux:version-057352e8@sha256:5942aa00a99c51a0d0fc9afda2f875450515a27a312572c0fcc62471131184e9** -2021-12-04T19:43:37.391Z INFO Number of language-specific files: 0 +2021-12-04T19:43:37.391Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/mylar/security.md b/charts/stable/mylar/security.md index 077592dc0ea..7b6fd07377c 100644 --- a/charts/stable/mylar/security.md +++ b/charts/stable/mylar/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:39.197Z INFO Detected config files: 1 +2021-12-04T19:43:39.197Z INFO Detected config files: 1 #### mylar/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:40.381Z INFO Detected OS: alpine -2021-12-04T19:43:40.381Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:40.388Z INFO Number of language-specific files: 0 +2021-12-04T19:43:40.381Z INFO Detected OS: alpine +2021-12-04T19:43:40.381Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:40.388Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/mylar3:version-v0.5.3@sha256:97892fdbd4aaa622ea5b77d1c9c467985545094a13f4acd1ab3f5d4b0bb094ea** -2021-12-04T19:43:46.626Z INFO Number of language-specific files: 1 -2021-12-04T19:43:46.626Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:43:46.626Z INFO Number of language-specific files: 1 +2021-12-04T19:43:46.626Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -96,4 +96,3 @@ | Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28675
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| | Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
https://github.com/python-pillow/Pillow/pull/5377
https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28678
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| | Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 |
Click to expand!https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
| - diff --git a/charts/stable/navidrome/security.md b/charts/stable/navidrome/security.md index 749c1341078..afd8f776020 100644 --- a/charts/stable/navidrome/security.md +++ b/charts/stable/navidrome/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:47.237Z INFO Detected config files: 1 +2021-12-04T19:43:47.237Z INFO Detected config files: 1 #### navidrome/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:48.670Z INFO Detected OS: alpine -2021-12-04T19:43:48.670Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:48.678Z INFO Number of language-specific files: 0 +2021-12-04T19:43:48.670Z INFO Detected OS: alpine +2021-12-04T19:43:48.670Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:48.678Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,24 +61,21 @@ **Container: tccr.io/truecharts/navidrome:v0.47.0@sha256:0ca8781ecf33f961d9e1157b8f0aa0ad8d69cde3dac99e8084bd34aa73094128** -2021-12-04T19:43:54.304Z INFO Detected OS: alpine -2021-12-04T19:43:54.304Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:54.312Z INFO Number of language-specific files: 1 -2021-12-04T19:43:54.312Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:43:54.304Z INFO Detected OS: alpine +2021-12-04T19:43:54.304Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:54.312Z INFO Number of language-specific files: 1 +2021-12-04T19:43:54.312Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/navidrome:v0.47.0@sha256:0ca8781ecf33f961d9e1157b8f0aa0ad8d69cde3dac99e8084bd34aa73094128 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/nextcloud/security.md b/charts/stable/nextcloud/security.md index 4630541a79e..e24879021eb 100644 --- a/charts/stable/nextcloud/security.md +++ b/charts/stable/nextcloud/security.md @@ -4,30 +4,30 @@ ##### Scan Results -2021-12-04T19:44:40.066Z INFO Detected config files: 3 +2021-12-04T19:44:40.066Z INFO Detected config files: 3 #### nextcloud/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -46,14 +46,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:42.515Z INFO Detected OS: alpine -2021-12-04T19:44:42.515Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:42.526Z INFO Number of language-specific files: 0 +2021-12-04T19:44:42.515Z INFO Detected OS: alpine +2021-12-04T19:44:42.515Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:42.526Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -81,16 +81,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:44:46.503Z INFO Detected OS: debian -2021-12-04T19:44:46.503Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:44:46.539Z INFO Number of language-specific files: 2 -2021-12-04T19:44:46.540Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:44:46.540Z INFO Detecting jar vulnerabilities... +2021-12-04T19:44:46.503Z INFO Detected OS: debian +2021-12-04T19:44:46.503Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:44:46.539Z INFO Number of language-specific files: 2 +2021-12-04T19:44:46.540Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:44:46.540Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -285,30 +285,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** -2021-12-04T19:45:14.960Z INFO Detected OS: debian -2021-12-04T19:45:14.960Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:15.089Z INFO Number of language-specific files: 5 -2021-12-04T19:45:15.089Z INFO Detecting composer vulnerabilities... +2021-12-04T19:45:14.960Z INFO Detected OS: debian +2021-12-04T19:45:14.960Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:15.089Z INFO Number of language-specific files: 5 +2021-12-04T19:45:15.089Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -766,51 +766,51 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** -2021-12-04T19:45:16.403Z INFO Detected OS: debian -2021-12-04T19:45:16.403Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:16.590Z INFO Number of language-specific files: 5 -2021-12-04T19:45:16.590Z INFO Detecting composer vulnerabilities... +2021-12-04T19:45:16.403Z INFO Detected OS: debian +2021-12-04T19:45:16.403Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:16.590Z INFO Number of language-specific files: 5 +2021-12-04T19:45:16.590Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -1268,50 +1268,50 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:17.969Z INFO Detected OS: alpine -2021-12-04T19:45:17.970Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:17.975Z INFO Number of language-specific files: 0 +2021-12-04T19:45:17.969Z INFO Detected OS: alpine +2021-12-04T19:45:17.970Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:17.975Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1339,15 +1339,15 @@ **Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** -2021-12-04T19:45:19.229Z INFO Detected OS: debian -2021-12-04T19:45:19.229Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:19.278Z INFO Number of language-specific files: 2 -2021-12-04T19:45:19.278Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:19.229Z INFO Detected OS: debian +2021-12-04T19:45:19.229Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:19.278Z INFO Number of language-specific files: 2 +2021-12-04T19:45:19.278Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1494,29 +1494,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:20.755Z INFO Detected OS: alpine -2021-12-04T19:45:20.755Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:20.765Z INFO Number of language-specific files: 0 +2021-12-04T19:45:20.755Z INFO Detected OS: alpine +2021-12-04T19:45:20.755Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:20.765Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1544,16 +1544,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:45:24.701Z INFO Detected OS: debian -2021-12-04T19:45:24.701Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:24.761Z INFO Number of language-specific files: 2 -2021-12-04T19:45:24.761Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:45:24.764Z INFO Detecting jar vulnerabilities... +2021-12-04T19:45:24.701Z INFO Detected OS: debian +2021-12-04T19:45:24.701Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:24.761Z INFO Number of language-specific files: 2 +2021-12-04T19:45:24.761Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:24.764Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1748,16 +1748,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/node-red/security.md b/charts/stable/node-red/security.md index ca0185c11d9..a4084e2a39c 100644 --- a/charts/stable/node-red/security.md +++ b/charts/stable/node-red/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:44:24.039Z INFO Detected config files: 1 +2021-12-04T19:44:24.039Z INFO Detected config files: 1 #### node-red/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:24.889Z INFO Detected OS: alpine -2021-12-04T19:44:24.890Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:24.905Z INFO Number of language-specific files: 0 +2021-12-04T19:44:24.889Z INFO Detected OS: alpine +2021-12-04T19:44:24.890Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:24.905Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,25 +61,24 @@ **Container: tccr.io/truecharts/node-red:v2.1.4@sha256:ede5c67753313e35ea6e0317573a74c77212822c33444b4b00ab562d2bdce97e** -2021-12-04T19:44:38.052Z INFO Detected OS: alpine -2021-12-04T19:44:38.052Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:38.055Z INFO Number of language-specific files: 1 -2021-12-04T19:44:38.055Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:44:38.052Z INFO Detected OS: alpine +2021-12-04T19:44:38.052Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:38.055Z INFO Number of language-specific files: 1 +2021-12-04T19:44:38.055Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/node-red:v2.1.4@sha256:ede5c67753313e35ea6e0317573a74c77212822c33444b4b00ab562d2bdce97e (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| - diff --git a/charts/stable/novnc/security.md b/charts/stable/novnc/security.md index 07df1d41f3c..c85665beb34 100644 --- a/charts/stable/novnc/security.md +++ b/charts/stable/novnc/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:44:38.541Z INFO Detected config files: 1 +2021-12-04T19:44:38.541Z INFO Detected config files: 1 #### novnc/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:41.889Z INFO Detected OS: alpine -2021-12-04T19:44:41.889Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:41.892Z INFO Number of language-specific files: 0 +2021-12-04T19:44:41.889Z INFO Detected OS: alpine +2021-12-04T19:44:41.889Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:41.892Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/novnc:version-1.2.0@sha256:aac782a823a7c34efce17d635a706cf967c6690784f0da9bd8efd4bb0bb598c1** -2021-12-04T19:44:45.918Z INFO Number of language-specific files: 1 -2021-12-04T19:44:45.918Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:44:45.918Z INFO Number of language-specific files: 1 +2021-12-04T19:44:45.918Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/nullserv/security.md b/charts/stable/nullserv/security.md index d20774f7ad7..7233f83582b 100644 --- a/charts/stable/nullserv/security.md +++ b/charts/stable/nullserv/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:44:38.997Z INFO Detected config files: 1 +2021-12-04T19:44:38.997Z INFO Detected config files: 1 #### nullserv/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:41.267Z INFO Detected OS: alpine -2021-12-04T19:44:41.267Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:41.273Z INFO Number of language-specific files: 0 +2021-12-04T19:44:41.267Z INFO Detected OS: alpine +2021-12-04T19:44:41.267Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:41.273Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/nullserv:v1.3.0@sha256:67aa9d50ba0c9547b4b0f7fc68c023a34b5e2b027f7bc9233120d5fbd6bcf3cd** -2021-12-04T19:44:48.390Z INFO Number of language-specific files: 0 +2021-12-04T19:44:48.390Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/nzbget/security.md b/charts/stable/nzbget/security.md index bec1092277f..467321a8762 100644 --- a/charts/stable/nzbget/security.md +++ b/charts/stable/nzbget/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:45:18.567Z INFO Detected config files: 1 +2021-12-04T19:45:18.567Z INFO Detected config files: 1 #### nzbget/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:19.970Z INFO Detected OS: alpine -2021-12-04T19:45:19.971Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:19.979Z INFO Number of language-specific files: 0 +2021-12-04T19:45:19.970Z INFO Detected OS: alpine +2021-12-04T19:45:19.971Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:19.979Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/nzbget:v21.1@sha256:381d4e760ee2de5b2f3a83d1f2885b3bffe891f6b961db0df94986b03868333a** -2021-12-04T19:45:23.988Z INFO Detected OS: ubuntu -2021-12-04T19:45:23.988Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:45:24.000Z INFO Number of language-specific files: 2 -2021-12-04T19:45:24.000Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:45:24.000Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:45:23.988Z INFO Detected OS: ubuntu +2021-12-04T19:45:23.988Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:45:24.000Z INFO Number of language-specific files: 2 +2021-12-04T19:45:24.000Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:24.000Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/nzbget:v21.1@sha256:381d4e760ee2de5b2f3a83d1f2885b3bffe891f6b961db0df94986b03868333a (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,15 +150,14 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/nzbhydra/security.md b/charts/stable/nzbhydra/security.md index cd4d3c1decf..f03ceb5f0de 100644 --- a/charts/stable/nzbhydra/security.md +++ b/charts/stable/nzbhydra/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:45:31.207Z INFO Detected config files: 1 +2021-12-04T19:45:31.207Z INFO Detected config files: 1 #### nzbhydra/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:32.082Z INFO Detected OS: alpine -2021-12-04T19:45:32.082Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:32.092Z INFO Number of language-specific files: 0 +2021-12-04T19:45:32.082Z INFO Detected OS: alpine +2021-12-04T19:45:32.082Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:32.092Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/nzbhydra2:v3.18.1@sha256:49f70e9135edc8afcc3343569f7d6dbc4b693012f502ed70783241b975990ef6** -2021-12-04T19:45:42.742Z INFO Detected OS: ubuntu -2021-12-04T19:45:42.742Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:45:42.746Z INFO Number of language-specific files: 1 -2021-12-04T19:45:42.746Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:42.742Z INFO Detected OS: ubuntu +2021-12-04T19:45:42.742Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:45:42.746Z INFO Number of language-specific files: 1 +2021-12-04T19:45:42.746Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/nzbhydra2:v3.18.1@sha256:49f70e9135edc8afcc3343569f7d6dbc4b693012f502ed70783241b975990ef6 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -159,8 +159,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/octoprint/security.md b/charts/stable/octoprint/security.md index e2ee9b3e49e..c43f5179f1d 100644 --- a/charts/stable/octoprint/security.md +++ b/charts/stable/octoprint/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:45:43.427Z INFO Detected config files: 1 +2021-12-04T19:45:43.427Z INFO Detected config files: 1 #### octoprint/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:44.310Z INFO Detected OS: alpine -2021-12-04T19:45:44.310Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:44.317Z INFO Number of language-specific files: 0 +2021-12-04T19:45:44.310Z INFO Detected OS: alpine +2021-12-04T19:45:44.310Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:44.317Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/octoprint:v1.7.2@sha256:80d677488365ad240b0cef90fa381ba849dcd82dfc62b11689d88da9867956c6** -2021-12-04T19:46:11.144Z INFO Detected OS: debian -2021-12-04T19:46:11.144Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:11.377Z INFO Number of language-specific files: 2 -2021-12-04T19:46:11.379Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:46:11.382Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:46:11.144Z INFO Detected OS: debian +2021-12-04T19:46:11.144Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:11.377Z INFO Number of language-specific files: 2 +2021-12-04T19:46:11.379Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:46:11.382Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/octoprint:v1.7.2@sha256:80d677488365ad240b0cef90fa381ba849dcd82dfc62b11689d88da9867956c6 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1477,15 +1477,14 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Werkzeug | pyup.io-42050 | UNKNOWN | 1.0.1 | 2.0.2 |
Click to expand!
| - diff --git a/charts/stable/odoo/security.md b/charts/stable/odoo/security.md index da57d5ee192..55c82744b5f 100644 --- a/charts/stable/odoo/security.md +++ b/charts/stable/odoo/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:46:19.308Z INFO Detected config files: 2 +2021-12-04T19:46:19.308Z INFO Detected config files: 2 #### odoo/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:24.427Z INFO Detected OS: alpine -2021-12-04T19:46:24.427Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:24.438Z INFO Number of language-specific files: 0 +2021-12-04T19:46:24.427Z INFO Detected OS: alpine +2021-12-04T19:46:24.427Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:24.438Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:46:26.755Z INFO Detected OS: debian -2021-12-04T19:46:26.755Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:26.782Z INFO Number of language-specific files: 2 -2021-12-04T19:46:26.782Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:46:26.782Z INFO Detecting jar vulnerabilities... +2021-12-04T19:46:26.755Z INFO Detected OS: debian +2021-12-04T19:46:26.755Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:26.782Z INFO Number of language-specific files: 2 +2021-12-04T19:46:26.782Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:46:26.782Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/odoo:version-14.0@sha256:dec23986ced979e029a78512272e2be18bab60d811bccb3d7ddc4b3241b210e2** -2021-12-04T19:46:54.798Z INFO Detected OS: debian -2021-12-04T19:46:54.798Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:54.842Z INFO Number of language-specific files: 1 -2021-12-04T19:46:54.843Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:46:54.798Z INFO Detected OS: debian +2021-12-04T19:46:54.798Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:54.842Z INFO Number of language-specific files: 1 +2021-12-04T19:46:54.843Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/odoo:version-14.0@sha256:dec23986ced979e029a78512272e2be18bab60d811bccb3d7ddc4b3241b210e2 (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -686,22 +686,22 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:56.073Z INFO Detected OS: alpine -2021-12-04T19:46:56.073Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:56.078Z INFO Number of language-specific files: 0 +2021-12-04T19:46:56.073Z INFO Detected OS: alpine +2021-12-04T19:46:56.073Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:56.078Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -729,16 +729,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:46:57.394Z INFO Detected OS: debian -2021-12-04T19:46:57.394Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:57.421Z INFO Number of language-specific files: 2 -2021-12-04T19:46:57.421Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:46:57.421Z INFO Detecting jar vulnerabilities... +2021-12-04T19:46:57.394Z INFO Detected OS: debian +2021-12-04T19:46:57.394Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:57.421Z INFO Number of language-specific files: 2 +2021-12-04T19:46:57.421Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:46:57.421Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -933,16 +933,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/ombi/security.md b/charts/stable/ombi/security.md index 4ee99a3ac67..22a7092ca2a 100644 --- a/charts/stable/ombi/security.md +++ b/charts/stable/ombi/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:46:20.029Z INFO Detected config files: 1 +2021-12-04T19:46:20.029Z INFO Detected config files: 1 #### ombi/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:25.004Z INFO Detected OS: alpine -2021-12-04T19:46:25.004Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:25.012Z INFO Number of language-specific files: 0 +2021-12-04T19:46:25.004Z INFO Detected OS: alpine +2021-12-04T19:46:25.004Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:25.012Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/ombi:v4.0.1482@sha256:0fa4e81029d9adef9d773ce99db13ff3039fd087d58d7266cbcfd7462e7afc56** -2021-12-04T19:46:33.364Z INFO Detected OS: ubuntu -2021-12-04T19:46:33.364Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:46:33.367Z INFO Number of language-specific files: 1 -2021-12-04T19:46:33.367Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:46:33.364Z INFO Detected OS: ubuntu +2021-12-04T19:46:33.364Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:46:33.367Z INFO Number of language-specific files: 1 +2021-12-04T19:46:33.367Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/ombi:v4.0.1482@sha256:0fa4e81029d9adef9d773ce99db13ff3039fd087d58d7266cbcfd7462e7afc56 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -157,8 +157,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/onlyoffice-document-server/security.md b/charts/stable/onlyoffice-document-server/security.md index d0fd89484ba..590130214d0 100644 --- a/charts/stable/onlyoffice-document-server/security.md +++ b/charts/stable/onlyoffice-document-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:46:27.249Z INFO Detected config files: 1 +2021-12-04T19:46:27.249Z INFO Detected config files: 1 #### onlyoffice-document-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:56.675Z INFO Detected OS: alpine -2021-12-04T19:46:56.675Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:56.679Z INFO Number of language-specific files: 0 +2021-12-04T19:46:56.675Z INFO Detected OS: alpine +2021-12-04T19:46:56.675Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:56.679Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/documentserver:v6.4.2.6@sha256:c298cbb59a2d7f73a5a9bc5cc11f9e0e299ef2ab966e64f3e8d8382921a6341c** -2021-12-04T19:47:36.848Z INFO Detected OS: ubuntu -2021-12-04T19:47:36.848Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:47:36.860Z INFO Number of language-specific files: 0 +2021-12-04T19:47:36.848Z INFO Detected OS: ubuntu +2021-12-04T19:47:36.848Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:47:36.860Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/documentserver:v6.4.2.6@sha256:c298cbb59a2d7f73a5a9bc5cc11f9e0e299ef2ab966e64f3e8d8382921a6341c (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -440,4 +440,3 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/charts/stable/openkm/security.md b/charts/stable/openkm/security.md index eb80875ab12..1a4ef288953 100644 --- a/charts/stable/openkm/security.md +++ b/charts/stable/openkm/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:46:55.490Z INFO Detected config files: 2 +2021-12-04T19:46:55.490Z INFO Detected config files: 2 #### openkm/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -37,14 +37,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:58.372Z INFO Detected OS: alpine -2021-12-04T19:46:58.372Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:58.383Z INFO Number of language-specific files: 0 +2021-12-04T19:46:58.372Z INFO Detected OS: alpine +2021-12-04T19:46:58.372Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:58.383Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -72,16 +72,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:47:39.208Z INFO Detected OS: debian -2021-12-04T19:47:39.208Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:47:39.238Z INFO Number of language-specific files: 2 -2021-12-04T19:47:39.238Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:47:39.238Z INFO Detecting jar vulnerabilities... +2021-12-04T19:47:39.208Z INFO Detected OS: debian +2021-12-04T19:47:39.208Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:47:39.238Z INFO Number of language-specific files: 2 +2021-12-04T19:47:39.238Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:47:39.238Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -276,33 +276,33 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: 'tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c'** **Container: tccr.io/truecharts/openkm-ce:v6.3.11@sha256:941156f70c16350fb92d66f60007ac68abaee11265448eaacc40e821a46afc4d** -2021-12-04T19:48:32.457Z INFO Detected OS: ubuntu -2021-12-04T19:48:32.457Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:48:32.479Z INFO Number of language-specific files: 1 -2021-12-04T19:48:32.479Z INFO Detecting jar vulnerabilities... +2021-12-04T19:48:32.457Z INFO Detected OS: ubuntu +2021-12-04T19:48:32.457Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:48:32.479Z INFO Number of language-specific files: 1 +2021-12-04T19:48:32.479Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/openkm-ce:v6.3.11@sha256:941156f70c16350fb92d66f60007ac68abaee11265448eaacc40e821a46afc4d (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -726,7 +726,7 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-1ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ch.qos.logback:logback-classic | CVE-2017-5929 | CRITICAL | 1.1.3 | 1.2.0 |
Click to expand!http://www.cvedetails.com/cve/CVE-2017-5929/
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2018:2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
https://logback.qos.ch/news.html
https://nvd.nist.gov/vuln/detail/CVE-2017-5929
| @@ -870,14 +870,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:34.780Z INFO Detected OS: alpine -2021-12-04T19:48:34.780Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:34.783Z INFO Number of language-specific files: 0 +2021-12-04T19:48:34.780Z INFO Detected OS: alpine +2021-12-04T19:48:34.780Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:34.783Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -905,16 +905,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:48:38.094Z INFO Detected OS: debian -2021-12-04T19:48:38.094Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:48:38.112Z INFO Number of language-specific files: 2 -2021-12-04T19:48:38.112Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:48:38.112Z INFO Detecting jar vulnerabilities... +2021-12-04T19:48:38.094Z INFO Detected OS: debian +2021-12-04T19:48:38.094Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:48:38.112Z INFO Number of language-specific files: 2 +2021-12-04T19:48:38.112Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:48:38.112Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1109,16 +1109,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/openldap/security.md b/charts/stable/openldap/security.md index 9755ee7f319..f001ddc7f17 100644 --- a/charts/stable/openldap/security.md +++ b/charts/stable/openldap/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:47:37.294Z INFO Detected config files: 1 +2021-12-04T19:47:37.294Z INFO Detected config files: 1 #### openldap/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:47:38.590Z INFO Detected OS: alpine -2021-12-04T19:47:38.590Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:47:38.601Z INFO Number of language-specific files: 0 +2021-12-04T19:47:38.590Z INFO Detected OS: alpine +2021-12-04T19:47:38.590Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:47:38.601Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/openldap:v1.5.0@sha256:d7e4f9279595ea1772efac4063876b29a96ff54c214f2c3ba52d2c3bfca8928c** -2021-12-04T19:47:44.128Z INFO Detected OS: debian -2021-12-04T19:47:44.128Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:47:44.171Z INFO Number of language-specific files: 2 -2021-12-04T19:47:44.171Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:47:44.128Z INFO Detected OS: debian +2021-12-04T19:47:44.128Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:47:44.171Z INFO Number of language-specific files: 2 +2021-12-04T19:47:44.171Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/openldap:v1.5.0@sha256:d7e4f9279595ea1772efac4063876b29a96ff54c214f2c3ba52d2c3bfca8928c (debian 10.8) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -434,14 +434,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20201012173705-84dcc777aaee | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20201012173705-84dcc777aaee | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/charts/stable/organizr/security.md b/charts/stable/organizr/security.md index 133b0145e2f..87bc7f1b9a4 100644 --- a/charts/stable/organizr/security.md +++ b/charts/stable/organizr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:47:37.746Z INFO Detected config files: 1 +2021-12-04T19:47:37.746Z INFO Detected config files: 1 #### organizr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:47:47.295Z INFO Detected OS: alpine -2021-12-04T19:47:47.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:47:47.302Z INFO Number of language-specific files: 0 +2021-12-04T19:47:47.295Z INFO Detected OS: alpine +2021-12-04T19:47:47.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:47:47.302Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/organizr:latest@sha256:ca1794e822f705b63c5753d56c7eecfd23e1ae77ddffb5a66b13c2ec7f587ad3** -2021-12-04T19:47:51.140Z INFO Detected OS: alpine -2021-12-04T19:47:51.140Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:47:51.157Z INFO Number of language-specific files: 0 +2021-12-04T19:47:51.140Z INFO Detected OS: alpine +2021-12-04T19:47:51.140Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:47:51.157Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/organizr:latest@sha256:ca1794e822f705b63c5753d56c7eecfd23e1ae77ddffb5a66b13c2ec7f587ad3 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -114,4 +114,3 @@ | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| - diff --git a/charts/stable/oscam/security.md b/charts/stable/oscam/security.md index 7677d728a0e..1df8e0b28b0 100644 --- a/charts/stable/oscam/security.md +++ b/charts/stable/oscam/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:48:33.326Z INFO Detected config files: 1 +2021-12-04T19:48:33.326Z INFO Detected config files: 1 #### oscam/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:43.241Z INFO Detected OS: alpine -2021-12-04T19:48:43.241Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:43.251Z INFO Number of language-specific files: 0 +2021-12-04T19:48:43.241Z INFO Detected OS: alpine +2021-12-04T19:48:43.241Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:43.251Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/oscam:version-11693@sha256:dcaa24c5076e020243aa0bcf2b5e2edbd1fcf6f9066c50e3f5c2f32937c68cb9** -2021-12-04T19:49:00.993Z INFO Number of language-specific files: 0 +2021-12-04T19:49:00.993Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/overseerr/security.md b/charts/stable/overseerr/security.md index e3831eae476..0ecc00df157 100644 --- a/charts/stable/overseerr/security.md +++ b/charts/stable/overseerr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:48:35.093Z INFO Detected config files: 1 +2021-12-04T19:48:35.093Z INFO Detected config files: 1 #### overseerr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:36.515Z INFO Detected OS: alpine -2021-12-04T19:48:36.516Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:36.519Z INFO Number of language-specific files: 0 +2021-12-04T19:48:36.515Z INFO Detected OS: alpine +2021-12-04T19:48:36.516Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:36.519Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/overseerr:v1.27.0@sha256:cf3d0ae6c0df50e397a567e49d2ba891c2dc46cb1145f11acf0a12b82a3bfcd9** -2021-12-04T19:48:58.965Z INFO Detected OS: alpine -2021-12-04T19:48:58.965Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:58.966Z INFO Number of language-specific files: 1 -2021-12-04T19:48:58.966Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T19:48:58.990Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 -2021-12-04T19:48:58.990Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:48:58.965Z INFO Detected OS: alpine +2021-12-04T19:48:58.965Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:58.966Z INFO Number of language-specific files: 1 +2021-12-04T19:48:58.966Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:48:58.990Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 +2021-12-04T19:48:58.990Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/overseerr:v1.27.0@sha256:cf3d0ae6c0df50e397a567e49d2ba891c2dc46cb1145f11acf0a12b82a3bfcd9 (alpine 3.11.12) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,7 +96,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -118,4 +118,3 @@ | tar | CVE-2021-37701 | HIGH | 6.1.0 | 6.1.7, 5.0.8, 4.4.16 |
Click to expand!https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 6.1.0 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 6.1.0 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/stable/owncast/security.md b/charts/stable/owncast/security.md index 8a9ace4fa1c..e2d27558a45 100644 --- a/charts/stable/owncast/security.md +++ b/charts/stable/owncast/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:48:33.033Z INFO Detected config files: 1 +2021-12-04T19:48:33.033Z INFO Detected config files: 1 #### owncast/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:35.660Z INFO Detected OS: alpine -2021-12-04T19:48:35.660Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:35.666Z INFO Number of language-specific files: 0 +2021-12-04T19:48:35.660Z INFO Detected OS: alpine +2021-12-04T19:48:35.660Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:35.666Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/owncast:v0.0.10@sha256:59e455798cacf118a74184755b060f48bcc05dc56bb9d4f696bcc77f411f1ad0** -2021-12-04T19:48:41.846Z INFO Detected OS: alpine -2021-12-04T19:48:41.846Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:41.849Z INFO Number of language-specific files: 1 -2021-12-04T19:48:41.849Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:48:41.846Z INFO Detected OS: alpine +2021-12-04T19:48:41.846Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:41.849Z INFO Number of language-specific files: 1 +2021-12-04T19:48:41.849Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/owncast:v0.0.10@sha256:59e455798cacf118a74184755b060f48bcc05dc56bb9d4f696bcc77f411f1ad0 (alpine 3.12.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -117,9 +117,6 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r16 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/owncloud-ocis/security.md b/charts/stable/owncloud-ocis/security.md index 814276e668d..8b45e287d68 100644 --- a/charts/stable/owncloud-ocis/security.md +++ b/charts/stable/owncloud-ocis/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:49:22.457Z INFO Detected config files: 1 +2021-12-04T19:49:22.457Z INFO Detected config files: 1 #### owncloud-ocis/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:23.264Z INFO Detected OS: alpine -2021-12-04T19:49:23.264Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:23.275Z INFO Number of language-specific files: 0 +2021-12-04T19:49:23.264Z INFO Detected OS: alpine +2021-12-04T19:49:23.264Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:23.275Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,24 +61,23 @@ **Container: tccr.io/truecharts/ocis:v1.15.0@sha256:513bf715f330afcd06918be63f47b8ad7bf80515d3ed2b29afdb7da00ed66eb4** -2021-12-04T19:49:26.300Z INFO Detected OS: alpine -2021-12-04T19:49:26.300Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:26.300Z INFO Number of language-specific files: 1 -2021-12-04T19:49:26.301Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:49:26.300Z INFO Detected OS: alpine +2021-12-04T19:49:26.300Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:26.300Z INFO Number of language-specific files: 1 +2021-12-04T19:49:26.301Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/ocis:v1.15.0@sha256:513bf715f330afcd06918be63f47b8ad7bf80515d3ed2b29afdb7da00ed66eb4 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/dgrijalva/jwt-go | CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
Click to expand!https://github.com/dgrijalva/jwt-go/pull/426
https://nvd.nist.gov/vuln/detail/CVE-2020-26160
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| - diff --git a/charts/stable/pgadmin/security.md b/charts/stable/pgadmin/security.md index a655638ccfa..b42525e23f4 100644 --- a/charts/stable/pgadmin/security.md +++ b/charts/stable/pgadmin/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:49:26.951Z INFO Detected config files: 1 +2021-12-04T19:49:26.951Z INFO Detected config files: 1 #### pgadmin/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:27.762Z INFO Detected OS: alpine -2021-12-04T19:49:27.762Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:27.781Z INFO Number of language-specific files: 0 +2021-12-04T19:49:27.762Z INFO Detected OS: alpine +2021-12-04T19:49:27.762Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:27.781Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,25 +61,24 @@ **Container: tccr.io/truecharts/pgadmin4:v6.2@sha256:56a1cc09742301c5cca10f75f9766a85f7b8c9a256ee88cdf04ad1038db2f2cd** -2021-12-04T19:49:35.161Z INFO Detected OS: alpine -2021-12-04T19:49:35.161Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:35.162Z INFO Number of language-specific files: 1 -2021-12-04T19:49:35.162Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:49:35.161Z INFO Detected OS: alpine +2021-12-04T19:49:35.161Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:35.162Z INFO Number of language-specific files: 1 +2021-12-04T19:49:35.162Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/pgadmin4:v6.2@sha256:56a1cc09742301c5cca10f75f9766a85f7b8c9a256ee88cdf04ad1038db2f2cd (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Flask-Security-Too | CVE-2021-32618 | MEDIUM | 4.1.2 | |
Click to expand!https://github.com/Flask-Middleware/flask-security/issues/486
https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-6qmf-fj6m-686c
https://github.com/advisories/GHSA-6qmf-fj6m-686c
https://nvd.nist.gov/vuln/detail/CVE-2021-32618
| | WTForms | pyup.io-42852 | UNKNOWN | 2.3.3 | 3.0.0a1 |
Click to expand!
| | Werkzeug | pyup.io-42050 | UNKNOWN | 1.0.1 | 2.0.2 |
Click to expand!
| - diff --git a/charts/stable/photoprism/security.md b/charts/stable/photoprism/security.md index c4456535361..00d20a13a83 100644 --- a/charts/stable/photoprism/security.md +++ b/charts/stable/photoprism/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:49:56.482Z INFO Detected config files: 2 +2021-12-04T19:49:56.482Z INFO Detected config files: 2 #### photoprism/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:57.995Z INFO Detected OS: alpine -2021-12-04T19:49:57.995Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:58.003Z INFO Number of language-specific files: 0 +2021-12-04T19:49:57.995Z INFO Detected OS: alpine +2021-12-04T19:49:57.995Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:58.003Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/photoprism:v20211130@sha256:97fa3752e28cd26282f06b87f299c63f5b8413b84de09acd8b71375a2b77540f** -2021-12-04T19:50:32.255Z INFO Detected OS: ubuntu -2021-12-04T19:50:32.255Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:50:32.258Z INFO Number of language-specific files: 2 -2021-12-04T19:50:32.258Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:50:32.255Z INFO Detected OS: ubuntu +2021-12-04T19:50:32.255Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:50:32.258Z INFO Number of language-specific files: 2 +2021-12-04T19:50:32.258Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/photoprism:v20211130@sha256:97fa3752e28cd26282f06b87f299c63f5b8413b84de09acd8b71375a2b77540f (ubuntu 21.10) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | coreutils | CVE-2016-2781 | LOW | 8.32-4ubuntu2 | |
Click to expand!http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
| @@ -251,28 +251,28 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+22ubuntu2 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:33.452Z INFO Detected OS: alpine -2021-12-04T19:50:33.452Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:33.456Z INFO Number of language-specific files: 0 +2021-12-04T19:50:33.452Z INFO Detected OS: alpine +2021-12-04T19:50:33.452Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:33.456Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -300,15 +300,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:51:01.039Z INFO Detected OS: debian -2021-12-04T19:51:01.039Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:51:01.074Z INFO Number of language-specific files: 2 -2021-12-04T19:51:01.074Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:51:01.039Z INFO Detected OS: debian +2021-12-04T19:51:01.039Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:51:01.074Z INFO Number of language-specific files: 2 +2021-12-04T19:51:01.074Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -457,16 +457,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/photoshow/security.md b/charts/stable/photoshow/security.md index cc95e05c6e1..76b81a1df5c 100644 --- a/charts/stable/photoshow/security.md +++ b/charts/stable/photoshow/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:49:49.158Z INFO Detected config files: 1 +2021-12-04T19:49:49.158Z INFO Detected config files: 1 #### photoshow/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:49.954Z INFO Detected OS: alpine -2021-12-04T19:49:49.954Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:49.961Z INFO Number of language-specific files: 0 +2021-12-04T19:49:49.954Z INFO Detected OS: alpine +2021-12-04T19:49:49.954Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:49.961Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/photoshow:version-48aabb98@sha256:03c034b9ffc3db42e8255c502665ddb352f0219404494bceba8e7c1263f53dfc** -2021-12-04T19:49:55.464Z INFO Number of language-specific files: 0 +2021-12-04T19:49:55.464Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/phpldapadmin/security.md b/charts/stable/phpldapadmin/security.md index 9311b1dfe5b..8beb7957f3c 100644 --- a/charts/stable/phpldapadmin/security.md +++ b/charts/stable/phpldapadmin/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:50:33.848Z INFO Detected config files: 1 +2021-12-04T19:50:33.848Z INFO Detected config files: 1 #### phpldapadmin/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:47.244Z INFO Detected OS: alpine -2021-12-04T19:50:47.244Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:47.251Z INFO Number of language-specific files: 0 +2021-12-04T19:50:47.244Z INFO Detected OS: alpine +2021-12-04T19:50:47.244Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:47.251Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/phpldapadmin:v0.9.0@sha256:5e68d251665b187cc920985f74f57f8ba2ce44cb8d7efaaa100cc19493974807** -2021-12-04T19:50:59.904Z INFO Detected OS: debian -2021-12-04T19:50:59.904Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:50:59.958Z INFO Number of language-specific files: 0 +2021-12-04T19:50:59.904Z INFO Detected OS: debian +2021-12-04T19:50:59.904Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:50:59.958Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/phpldapadmin:v0.9.0@sha256:5e68d251665b187cc920985f74f57f8ba2ce44cb8d7efaaa100cc19493974807 (debian 10.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2020-11984 | CRITICAL | 2.4.38-3+deb10u3 | 2.4.38-3+deb10u4 |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html
http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html
http://www.openwall.com/lists/oss-security/2020/08/08/1
http://www.openwall.com/lists/oss-security/2020/08/08/10
http://www.openwall.com/lists/oss-security/2020/08/08/8
http://www.openwall.com/lists/oss-security/2020/08/08/9
http://www.openwall.com/lists/oss-security/2020/08/10/5
http://www.openwall.com/lists/oss-security/2020/08/17/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984
https://linux.oracle.com/cve/CVE-2020-11984.html
https://linux.oracle.com/errata/ELSA-2021-1809.html
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9@%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
https://security.gentoo.org/glsa/202008-04
https://security.netapp.com/advisory/ntap-20200814-0005/
https://ubuntu.com/security/notices/USN-4458-1
https://ubuntu.com/security/notices/USN-5054-1
https://usn.ubuntu.com/4458-1/
https://www.debian.org/security/2020/dsa-4757
https://www.openwall.com/lists/oss-security/2020/08/07/1
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| @@ -816,4 +816,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/charts/stable/piaware/security.md b/charts/stable/piaware/security.md index 6df9d72df11..aaffe96d436 100644 --- a/charts/stable/piaware/security.md +++ b/charts/stable/piaware/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:50:32.785Z INFO Detected config files: 1 +2021-12-04T19:50:32.785Z INFO Detected config files: 1 #### piaware/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:35.144Z INFO Detected OS: alpine -2021-12-04T19:50:35.144Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:35.149Z INFO Number of language-specific files: 0 +2021-12-04T19:50:35.144Z INFO Detected OS: alpine +2021-12-04T19:50:35.144Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:35.149Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/piaware:v6.1@sha256:89938418a62cd3b4bed5e556fb64443f9e0cb9f14bbf41777c09b04f2f1e4f8a** -2021-12-04T19:50:42.077Z INFO Detected OS: debian -2021-12-04T19:50:42.077Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:50:42.098Z INFO Number of language-specific files: 1 -2021-12-04T19:50:42.098Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:50:42.077Z INFO Detected OS: debian +2021-12-04T19:50:42.077Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:50:42.098Z INFO Number of language-specific files: 1 +2021-12-04T19:50:42.098Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/piaware:v6.1@sha256:89938418a62cd3b4bed5e556fb64443f9e0cb9f14bbf41777c09b04f2f1e4f8a (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -240,9 +240,6 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/pihole/security.md b/charts/stable/pihole/security.md index ae95b2fbe18..36e2bd5fcf2 100644 --- a/charts/stable/pihole/security.md +++ b/charts/stable/pihole/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:50:35.610Z INFO Detected config files: 1 +2021-12-04T19:50:35.610Z INFO Detected config files: 1 #### pihole/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:43.031Z INFO Detected OS: alpine -2021-12-04T19:50:43.031Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:43.039Z INFO Number of language-specific files: 0 +2021-12-04T19:50:43.031Z INFO Detected OS: alpine +2021-12-04T19:50:43.031Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:43.039Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/pihole:v2021.10.1@sha256:406a7368955ed3248a924bcb9c578d8554793048e025deb59f03caf6fd3f17c4** -2021-12-04T19:50:52.356Z INFO Detected OS: debian -2021-12-04T19:50:52.356Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:50:52.423Z INFO Number of language-specific files: 2 -2021-12-04T19:50:52.424Z INFO Detecting composer vulnerabilities... -2021-12-04T19:50:52.424Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:50:52.356Z INFO Detected OS: debian +2021-12-04T19:50:52.356Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:50:52.423Z INFO Number of language-specific files: 2 +2021-12-04T19:50:52.424Z INFO Detecting composer vulnerabilities... +2021-12-04T19:50:52.424Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/pihole:v2021.10.1@sha256:406a7368955ed3248a924bcb9c578d8554793048e025deb59f03caf6fd3f17c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -310,16 +310,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/pixapop/security.md b/charts/stable/pixapop/security.md index 244619a0717..83825173a9e 100644 --- a/charts/stable/pixapop/security.md +++ b/charts/stable/pixapop/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:16.882Z INFO Detected config files: 1 +2021-12-04T19:51:16.882Z INFO Detected config files: 1 #### pixapop/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:18.169Z INFO Detected OS: alpine -2021-12-04T19:51:18.169Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:18.172Z INFO Number of language-specific files: 0 +2021-12-04T19:51:18.169Z INFO Detected OS: alpine +2021-12-04T19:51:18.169Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:18.172Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/pixapop:v1.2-ls15@sha256:6a05383524fcd51b0b692d508dd16ed6948337aa272677e01baa6d8ba119c070** -2021-12-04T19:51:32.200Z INFO Number of language-specific files: 2 -2021-12-04T19:51:32.200Z INFO Detecting composer vulnerabilities... -2021-12-04T19:51:32.211Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:51:32.200Z INFO Number of language-specific files: 2 +2021-12-04T19:51:32.200Z INFO Detecting composer vulnerabilities... +2021-12-04T19:51:32.211Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | acorn | GHSA-6chw-6frg-f759 | HIGH | 6.1.1 | 5.7.4, 7.1.1, 6.4.1 |
Click to expand!https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
https://github.com/acornjs/acorn/issues/929
https://github.com/advisories/GHSA-6chw-6frg-f759
https://snyk.io/vuln/SNYK-JS-ACORN-559469
https://www.npmjs.com/advisories/1488
| @@ -126,7 +126,7 @@ | yargs-parser | CVE-2020-7608 | MEDIUM | 7.0.0 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 |
Click to expand!https://github.com/advisories/GHSA-p9pc-299p-vxgp
https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
https://linux.oracle.com/cve/CVE-2020-7608.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7608
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
https://www.npmjs.com/advisories/1500
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/cache | CVE-2019-18889 | CRITICAL | v4.2.3 | 3.4.35, 4.1.0, 4.2.0, 4.2.12, 4.3.8, 3.2.0, 3.3.0, 3.4.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml
https://github.com/advisories/GHSA-79gr-58r3-pwm3
https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://nvd.nist.gov/vuln/detail/CVE-2019-18889
https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18889
| @@ -138,4 +138,3 @@ | symfony/http-kernel | CVE-2019-18887 | HIGH | v4.2.4 | 2.8.0, 3.4.35, 4.3.8, 2.7.0, 2.6.0, 3.1.0, 4.1.0, 4.2.0, 4.2.12, 2.5.0, 3.2.0, 3.3.0, 3.4.0, 2.4.0, 2.8.52, 2.3.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18887
| | symfony/var-exporter | CVE-2019-11325 | CRITICAL | v4.2.3 | 4.2.12, 4.3.8 |
Click to expand!https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml
https://github.com/advisories/GHSA-w4rc-rx25-8m86
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3
https://nvd.nist.gov/vuln/detail/CVE-2019-11325
https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-11325
| | twig/twig | CVE-2019-9942 | LOW | v2.6.2 | 1.38.0, 2.7.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9942
https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
https://seclists.org/bugtraq/2019/Mar/60
https://symfony.com/blog/twig-sandbox-information-disclosure
https://www.debian.org/security/2019/dsa-4419
| - diff --git a/charts/stable/plex/security.md b/charts/stable/plex/security.md index 212ba810d8b..b34a5a968db 100644 --- a/charts/stable/plex/security.md +++ b/charts/stable/plex/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:39.489Z INFO Detected config files: 1 +2021-12-04T19:51:39.489Z INFO Detected config files: 1 #### plex/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:40.295Z INFO Detected OS: alpine -2021-12-04T19:51:40.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:40.304Z INFO Number of language-specific files: 0 +2021-12-04T19:51:40.295Z INFO Detected OS: alpine +2021-12-04T19:51:40.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:40.304Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/plex:v1.24.5.5173-8dcc73a59@sha256:48eeac73915041bd70aba28814e8b8f453dbf9948410c578e25d234089286437** -2021-12-04T19:51:54.555Z INFO Detected OS: ubuntu -2021-12-04T19:51:54.555Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:51:54.557Z INFO Number of language-specific files: 1 -2021-12-04T19:51:54.557Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:51:54.555Z INFO Detected OS: ubuntu +2021-12-04T19:51:54.555Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:51:54.557Z INFO Number of language-specific files: 1 +2021-12-04T19:51:54.557Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/plex:v1.24.5.5173-8dcc73a59@sha256:48eeac73915041bd70aba28814e8b8f453dbf9948410c578e25d234089286437 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -153,8 +153,7 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/podgrab/security.md b/charts/stable/podgrab/security.md index 3dfe243c1bf..d20d4de1b31 100644 --- a/charts/stable/podgrab/security.md +++ b/charts/stable/podgrab/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:55.158Z INFO Detected config files: 1 +2021-12-04T19:51:55.158Z INFO Detected config files: 1 #### podgrab/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:56.895Z INFO Detected OS: alpine -2021-12-04T19:51:56.895Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:56.901Z INFO Number of language-specific files: 0 +2021-12-04T19:51:56.895Z INFO Detected OS: alpine +2021-12-04T19:51:56.895Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:56.901Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,27 +61,26 @@ **Container: tccr.io/truecharts/podgrab:v1.0.0@sha256:069fb1ef81d47a37137da2cfd249423c8dc330086c2a2e1271c5895f9f8cae9f** -2021-12-04T19:52:00.409Z INFO Detected OS: alpine -2021-12-04T19:52:00.409Z WARN This OS version is not on the EOL list: alpine 3.15 -2021-12-04T19:52:00.409Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:00.410Z INFO Number of language-specific files: 1 -2021-12-04T19:52:00.410Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:52:00.411Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 -2021-12-04T19:52:00.411Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:52:00.409Z INFO Detected OS: alpine +2021-12-04T19:52:00.409Z WARN This OS version is not on the EOL list: alpine 3.15 +2021-12-04T19:52:00.409Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:00.410Z INFO Number of language-specific files: 1 +2021-12-04T19:52:00.410Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:52:00.411Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 +2021-12-04T19:52:00.411Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/podgrab:v1.0.0@sha256:069fb1ef81d47a37137da2cfd249423c8dc330086c2a2e1271c5895f9f8cae9f (alpine 3.15.0) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200820211705-5c72a883971a | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/charts/stable/pretend-youre-xyzzy/security.md b/charts/stable/pretend-youre-xyzzy/security.md index f59811ce4b8..986046c1306 100644 --- a/charts/stable/pretend-youre-xyzzy/security.md +++ b/charts/stable/pretend-youre-xyzzy/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:55.621Z INFO Detected config files: 1 +2021-12-04T19:51:55.621Z INFO Detected config files: 1 #### pretend-youre-xyzzy/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:57.630Z INFO Detected OS: alpine -2021-12-04T19:51:57.630Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:57.637Z INFO Number of language-specific files: 0 +2021-12-04T19:51:57.630Z INFO Detected OS: alpine +2021-12-04T19:51:57.630Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:57.637Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/pretend-youre-xyzzy:v4@sha256:d2b339819975c546a5360e160c793a615e86ab04e5aed91427ff1dd850205ace** -2021-12-04T19:52:11.214Z INFO Detected OS: alpine -2021-12-04T19:52:11.214Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:11.217Z INFO Number of language-specific files: 1 -2021-12-04T19:52:11.217Z INFO Detecting jar vulnerabilities... -2021-12-04T19:52:11.219Z WARN This OS version is no longer supported by the distribution: alpine 3.4.0 -2021-12-04T19:52:11.219Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:52:11.214Z INFO Detected OS: alpine +2021-12-04T19:52:11.214Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:11.217Z INFO Number of language-specific files: 1 +2021-12-04T19:52:11.217Z INFO Detecting jar vulnerabilities... +2021-12-04T19:52:11.219Z WARN This OS version is no longer supported by the distribution: alpine 3.4.0 +2021-12-04T19:52:11.219Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/pretend-youre-xyzzy:v4@sha256:d2b339819975c546a5360e160c793a615e86ab04e5aed91427ff1dd850205ace (alpine 3.4.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | libcrypto1.0 | CVE-2018-0732 | HIGH | 1.0.2n-r0 | 1.0.2o-r1 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104442
http://www.securitytracker.com/id/1041090
https://access.redhat.com/errata/RHSA-2018:2552
https://access.redhat.com/errata/RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1543
https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://linux.oracle.com/cve/CVE-2018-0732.html
https://linux.oracle.com/errata/ELSA-2018-4249.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.gentoo.org/glsa/201811-03
https://security.netapp.com/advisory/ntap-20181105-0001/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://ubuntu.com/security/notices/USN-3692-1
https://ubuntu.com/security/notices/USN-3692-2
https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.openssl.org/news/secadv/20180612.txt
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-17
| @@ -88,7 +88,7 @@ | libssl1.0 | CVE-2018-5407 | MEDIUM | 1.0.2n-r0 | 1.0.2q-r0 |
Click to expand!http://www.securityfocus.com/bid/105897
https://access.redhat.com/errata/RHSA-2019:0483
https://access.redhat.com/errata/RHSA-2019:0651
https://access.redhat.com/errata/RHSA-2019:0652
https://access.redhat.com/errata/RHSA-2019:2125
https://access.redhat.com/errata/RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3931
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
https://eprint.iacr.org/2018/1060.pdf
https://github.com/bbbrumley/portsmash
https://linux.oracle.com/cve/CVE-2018-5407.html
https://linux.oracle.com/errata/ELSA-2019-2125.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.gentoo.org/glsa/201903-10
https://security.netapp.com/advisory/ntap-20181126-0001/
https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-3840-1
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.exploit-db.com/exploits/45785/
https://www.openssl.org/news/secadv/20181112.txt
https://www.openwall.com/lists/oss-security/2018/11/01/4
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2018-10237 | MEDIUM | 20.0 | 24.1.1-jre, 24.1.1-android |
Click to expand!http://www.securitytracker.com/id/1041707
https://access.redhat.com/errata/RHSA-2018:2423
https://access.redhat.com/errata/RHSA-2018:2424
https://access.redhat.com/errata/RHSA-2018:2425
https://access.redhat.com/errata/RHSA-2018:2428
https://access.redhat.com/errata/RHSA-2018:2598
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://github.com/advisories/GHSA-mvr2-9pj6-7w5j
https://github.com/google/guava/wiki/CVE-2018-10237
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084@%3Cgitbox.activemq.apache.org%3E
https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94@%3Cissues.storm.apache.org%3E
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45@%3Cissues.flink.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-10237
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -97,4 +97,3 @@ | commons-io:commons-io | CVE-2021-29425 | MEDIUM | 2.6 | 2.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
https://issues.apache.org/jira/browse/IO-556
https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa@%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31@%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a@%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330@%3Cdev.commons.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2021-29425
https://ubuntu.com/security/notices/USN-5095-1
https://www.openwall.com/lists/oss-security/2021/04/12/1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.apache.httpcomponents:httpclient | CVE-2020-13956 | MEDIUM | 4.5.5 | 4.5.13 |
Click to expand!https://github.com/advisories/GHSA-7r82-7xv7-xcpj
https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E
https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E
https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13956
https://www.openwall.com/lists/oss-security/2020/10/08/4
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.jsoup:jsoup | CVE-2021-37714 | HIGH | 1.11.2 | 1.14.2 |
Click to expand!https://github.com/advisories/GHSA-m72m-mhq2-9p6c
https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
https://jsoup.org/news/release-1.14.1
https://jsoup.org/news/release-1.14.2
https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa@%3Cnotifications.james.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-37714
| - diff --git a/charts/stable/promcord/security.md b/charts/stable/promcord/security.md index 95165f1156a..23e23f43906 100644 --- a/charts/stable/promcord/security.md +++ b/charts/stable/promcord/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:52:12.453Z INFO Detected config files: 1 +2021-12-04T19:52:12.453Z INFO Detected config files: 1 #### promcord/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:52:13.353Z INFO Detected OS: alpine -2021-12-04T19:52:13.353Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:13.360Z INFO Number of language-specific files: 0 +2021-12-04T19:52:13.353Z INFO Detected OS: alpine +2021-12-04T19:52:13.353Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:13.360Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/promcord:latest@sha256:ba9bee8d89b3ce86ca55d1bd29e13deb31f73a004991b17d8d80c73f2cc1c03c** -2021-12-04T19:52:27.089Z INFO Detected OS: debian -2021-12-04T19:52:27.089Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:52:27.123Z INFO Number of language-specific files: 1 -2021-12-04T19:52:27.123Z INFO Detecting jar vulnerabilities... +2021-12-04T19:52:27.089Z INFO Detected OS: debian +2021-12-04T19:52:27.089Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:52:27.123Z INFO Number of language-specific files: 1 +2021-12-04T19:52:27.123Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/promcord:latest@sha256:ba9bee8d89b3ce86ca55d1bd29e13deb31f73a004991b17d8d80c73f2cc1c03c (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -137,8 +137,7 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-25649 | HIGH | 2.10.1 | 2.6.7.4, 2.9.10.7, 2.10.5.1 |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1887664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
https://github.com/FasterXML/jackson-databind/issues/2589
https://github.com/advisories/GHSA-288c-cq4h-88gq
https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/
https://nvd.nist.gov/vuln/detail/CVE-2020-25649
https://security.netapp.com/advisory/ntap-20210108-0007/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/stable/protonmail-bridge/security.md b/charts/stable/protonmail-bridge/security.md index 30a6ec54afc..d04efe49963 100644 --- a/charts/stable/protonmail-bridge/security.md +++ b/charts/stable/protonmail-bridge/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:52:39.475Z INFO Detected config files: 1 +2021-12-04T19:52:39.475Z INFO Detected config files: 1 #### protonmail-bridge/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:52:40.282Z INFO Detected OS: alpine -2021-12-04T19:52:40.282Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:40.289Z INFO Number of language-specific files: 0 +2021-12-04T19:52:40.282Z INFO Detected OS: alpine +2021-12-04T19:52:40.282Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:40.289Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/protonmail-bridge:v1.8.10-1@sha256:58a54002123cc9a83cfb3170deb0a1dbf4cedabdced09a9c6bcafc19ee4b5631** -2021-12-04T19:52:50.299Z INFO Detected OS: ubuntu -2021-12-04T19:52:50.299Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:52:50.309Z INFO Number of language-specific files: 0 +2021-12-04T19:52:50.299Z INFO Detected OS: ubuntu +2021-12-04T19:52:50.299Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:52:50.309Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/protonmail-bridge:v1.8.10-1@sha256:58a54002123cc9a83cfb3170deb0a1dbf4cedabdced09a9c6bcafc19ee4b5631 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -164,4 +164,3 @@ | passwd | CVE-2013-4235 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/charts/stable/prowlarr/security.md b/charts/stable/prowlarr/security.md index 2c6de50696f..ccfedee3c35 100644 --- a/charts/stable/prowlarr/security.md +++ b/charts/stable/prowlarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:52:51.030Z INFO Detected config files: 1 +2021-12-04T19:52:51.030Z INFO Detected config files: 1 #### prowlarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:52:51.717Z INFO Detected OS: alpine -2021-12-04T19:52:51.717Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:51.727Z INFO Number of language-specific files: 0 +2021-12-04T19:52:51.717Z INFO Detected OS: alpine +2021-12-04T19:52:51.717Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:51.727Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/prowlarr:v0.1.6.1184@sha256:44938a94880e98d0636612cbb3a92b0dc0688c060f7415265c44372e272f4deb** -2021-12-04T19:53:00.578Z INFO Detected OS: ubuntu -2021-12-04T19:53:00.578Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:53:00.580Z INFO Number of language-specific files: 1 -2021-12-04T19:53:00.580Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:53:00.578Z INFO Detected OS: ubuntu +2021-12-04T19:53:00.578Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:53:00.580Z INFO Number of language-specific files: 1 +2021-12-04T19:53:00.580Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/prowlarr:v0.1.6.1184@sha256:44938a94880e98d0636612cbb3a92b0dc0688c060f7415265c44372e272f4deb (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,8 +150,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/pyload/security.md b/charts/stable/pyload/security.md index 4e0c5f734dd..51795e3e5d2 100644 --- a/charts/stable/pyload/security.md +++ b/charts/stable/pyload/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:01.277Z INFO Detected config files: 1 +2021-12-04T19:53:01.277Z INFO Detected config files: 1 #### pyload/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:02.112Z INFO Detected OS: alpine -2021-12-04T19:53:02.112Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:02.117Z INFO Number of language-specific files: 0 +2021-12-04T19:53:02.112Z INFO Detected OS: alpine +2021-12-04T19:53:02.112Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:02.117Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/pyload:version-5de90278@sha256:c33489498cb4541bbf936b1ebd1eaebfb0cae279f738aa0e6184969089e94081** -2021-12-04T19:53:13.623Z INFO Number of language-specific files: 1 -2021-12-04T19:53:13.623Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:53:13.623Z INFO Number of language-specific files: 1 +2021-12-04T19:53:13.623Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -98,4 +98,3 @@ | Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 |
Click to expand!https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
| | pycrypto | CVE-2013-7459 | CRITICAL | 2.6.1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2016/12/27/8
http://www.securityfocus.com/bid/95122
https://bugzilla.redhat.com/show_bug.cgi?id=1409754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459
https://github.com/advisories/GHSA-cq27-v7xp-c356
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
https://github.com/dlitz/pycrypto/issues/176
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/
https://nvd.nist.gov/vuln/detail/CVE-2013-7459
https://pony7.fr/ctf:public:32c3:cryptmsg
https://security.gentoo.org/glsa/201702-14
https://ubuntu.com/security/notices/USN-3199-1
https://ubuntu.com/security/notices/USN-3199-2
https://ubuntu.com/security/notices/USN-3199-3
| | pycrypto | CVE-2018-6594 | HIGH | 2.6.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
https://github.com/Legrandin/pycryptodome/issues/90
https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://github.com/advisories/GHSA-6528-wvf6-f6qg
https://github.com/dlitz/pycrypto/issues/253
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2018-6594
https://security.gentoo.org/glsa/202007-62
https://ubuntu.com/security/notices/USN-3616-1
https://ubuntu.com/security/notices/USN-3616-2
https://usn.ubuntu.com/3616-1/
https://usn.ubuntu.com/3616-2/
| - diff --git a/charts/stable/qbittorrent/security.md b/charts/stable/qbittorrent/security.md index fce32d16feb..36edb139675 100644 --- a/charts/stable/qbittorrent/security.md +++ b/charts/stable/qbittorrent/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:14.440Z INFO Detected config files: 1 +2021-12-04T19:53:14.440Z INFO Detected config files: 1 #### qbittorrent/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:15.325Z INFO Detected OS: alpine -2021-12-04T19:53:15.325Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:15.330Z INFO Number of language-specific files: 0 +2021-12-04T19:53:15.325Z INFO Detected OS: alpine +2021-12-04T19:53:15.325Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:15.330Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/qbittorrent:v4.3.9@sha256:6508ca6bd05d003d92852d5bd8deaae3176d776a5789ad68199ba1807d43cf8c** -2021-12-04T19:53:19.253Z INFO Detected OS: ubuntu -2021-12-04T19:53:19.253Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:53:19.263Z INFO Number of language-specific files: 1 -2021-12-04T19:53:19.263Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:53:19.253Z INFO Detected OS: ubuntu +2021-12-04T19:53:19.253Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:53:19.263Z INFO Number of language-specific files: 1 +2021-12-04T19:53:19.263Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/qbittorrent:v4.3.9@sha256:6508ca6bd05d003d92852d5bd8deaae3176d776a5789ad68199ba1807d43cf8c (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -164,8 +164,7 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/radarr/security.md b/charts/stable/radarr/security.md index 59856c3446c..0549b92d84f 100644 --- a/charts/stable/radarr/security.md +++ b/charts/stable/radarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:35.250Z INFO Detected config files: 1 +2021-12-04T19:53:35.250Z INFO Detected config files: 1 #### radarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:36.742Z INFO Detected OS: alpine -2021-12-04T19:53:36.742Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:36.748Z INFO Number of language-specific files: 0 +2021-12-04T19:53:36.742Z INFO Detected OS: alpine +2021-12-04T19:53:36.742Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:36.748Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/radarr:v3.2.2.5080@sha256:6013953bf2b8c6546fed1b2265f5978b30403fa26b990aab7a5ed6e86088866e** -2021-12-04T19:53:42.459Z INFO Detected OS: ubuntu -2021-12-04T19:53:42.459Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:53:42.461Z INFO Number of language-specific files: 1 -2021-12-04T19:53:42.461Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:53:42.459Z INFO Detected OS: ubuntu +2021-12-04T19:53:42.459Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:53:42.461Z INFO Number of language-specific files: 1 +2021-12-04T19:53:42.461Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/radarr:v3.2.2.5080@sha256:6013953bf2b8c6546fed1b2265f5978b30403fa26b990aab7a5ed6e86088866e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -154,8 +154,7 @@ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/readarr/security.md b/charts/stable/readarr/security.md index 0657e7081b4..f86cfe5d71a 100644 --- a/charts/stable/readarr/security.md +++ b/charts/stable/readarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:46.659Z INFO Detected config files: 1 +2021-12-04T19:53:46.659Z INFO Detected config files: 1 #### readarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:49.441Z INFO Detected OS: alpine -2021-12-04T19:53:49.441Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:49.448Z INFO Number of language-specific files: 0 +2021-12-04T19:53:49.441Z INFO Detected OS: alpine +2021-12-04T19:53:49.441Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:49.448Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/readarr:v0.1.0.1081@sha256:0750f1d772a4e9915f0241bff4e7aee030d53186ec83a0bad4630b3bf6926880** -2021-12-04T19:54:00.112Z INFO Detected OS: ubuntu -2021-12-04T19:54:00.112Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:00.131Z INFO Number of language-specific files: 1 -2021-12-04T19:54:00.131Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:00.112Z INFO Detected OS: ubuntu +2021-12-04T19:54:00.112Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:00.131Z INFO Number of language-specific files: 1 +2021-12-04T19:54:00.131Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/readarr:v0.1.0.1081@sha256:0750f1d772a4e9915f0241bff4e7aee030d53186ec83a0bad4630b3bf6926880 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,8 +150,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/recipes/security.md b/charts/stable/recipes/security.md index 1f63080cf91..b5ce651bafc 100644 --- a/charts/stable/recipes/security.md +++ b/charts/stable/recipes/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:54:11.231Z INFO Detected config files: 2 +2021-12-04T19:54:11.231Z INFO Detected config files: 2 #### recipes/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -37,14 +37,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:12.167Z INFO Detected OS: alpine -2021-12-04T19:54:12.168Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:12.172Z INFO Number of language-specific files: 0 +2021-12-04T19:54:12.167Z INFO Detected OS: alpine +2021-12-04T19:54:12.168Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:12.172Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -72,16 +72,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:54:13.238Z INFO Detected OS: debian -2021-12-04T19:54:13.238Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:54:13.279Z INFO Number of language-specific files: 2 -2021-12-04T19:54:13.279Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:54:13.279Z INFO Detecting jar vulnerabilities... +2021-12-04T19:54:13.238Z INFO Detected OS: debian +2021-12-04T19:54:13.238Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:54:13.279Z INFO Number of language-specific files: 2 +2021-12-04T19:54:13.279Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:13.279Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -276,31 +276,31 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/recipes:v1.0.2@sha256:d61f230769c64948f1b2c56ec189666bb08821b02f383f4e0c299c35d2542cbc** -2021-12-04T19:54:42.983Z INFO Detected OS: alpine -2021-12-04T19:54:42.983Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:42.985Z INFO Number of language-specific files: 2 -2021-12-04T19:54:42.985Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:54:42.998Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:54:42.983Z INFO Detected OS: alpine +2021-12-04T19:54:42.983Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:42.985Z INFO Number of language-specific files: 2 +2021-12-04T19:54:42.985Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:54:42.998Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/recipes:v1.0.2@sha256:d61f230769c64948f1b2c56ec189666bb08821b02f383f4e0c299c35d2542cbc (alpine 3.12.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.6-r0 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -331,7 +331,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @actions/core | CVE-2020-15228 | MEDIUM | 1.2.0 | 1.2.6 |
Click to expand!http://packetstormsecurity.com/files/159794/GitHub-Widespread-Injection.html
https://github.com/actions/toolkit/security/advisories/GHSA-mfwh-5m23-j46w
https://github.com/advisories/GHSA-mfwh-5m23-j46w
https://nvd.nist.gov/vuln/detail/CVE-2020-15228
| @@ -343,7 +343,7 @@ | nth-check | CVE-2021-3803 | HIGH | 1.0.2 | 2.0.1 |
Click to expand!https://github.com/advisories/GHSA-rp65-9cf3-cjxr
https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | python-ldap | GHSA-r8wq-qrxc-hmcm | MEDIUM | 3.3.1 | 3.4.0 |
Click to expand!https://github.com/advisories/GHSA-r8wq-qrxc-hmcm
https://github.com/python-ldap/python-ldap/issues/424
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
| @@ -356,14 +356,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:48.281Z INFO Detected OS: alpine -2021-12-04T19:54:48.281Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:48.288Z INFO Number of language-specific files: 0 +2021-12-04T19:54:48.281Z INFO Detected OS: alpine +2021-12-04T19:54:48.281Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:48.288Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -391,16 +391,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:54:53.455Z INFO Detected OS: debian -2021-12-04T19:54:53.455Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:54:53.518Z INFO Number of language-specific files: 2 -2021-12-04T19:54:53.518Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:54:53.518Z INFO Detecting jar vulnerabilities... +2021-12-04T19:54:53.455Z INFO Detected OS: debian +2021-12-04T19:54:53.455Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:54:53.518Z INFO Number of language-specific files: 2 +2021-12-04T19:54:53.518Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:53.518Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -595,16 +595,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/reg/security.md b/charts/stable/reg/security.md index 4a060692c17..740348d0f26 100644 --- a/charts/stable/reg/security.md +++ b/charts/stable/reg/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:04.941Z INFO Detected config files: 1 +2021-12-04T19:54:04.941Z INFO Detected config files: 1 #### reg/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:05.759Z INFO Detected OS: alpine -2021-12-04T19:54:05.759Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:05.767Z INFO Number of language-specific files: 0 +2021-12-04T19:54:05.759Z INFO Detected OS: alpine +2021-12-04T19:54:05.759Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:05.767Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/reg:v0.16.1@sha256:ae581387764a23c62c1386389e27358bac5088790904938264cb0bcd4e8c946c** -2021-12-04T19:54:10.068Z INFO Detected OS: ubuntu -2021-12-04T19:54:10.068Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:10.072Z INFO Number of language-specific files: 2 -2021-12-04T19:54:10.072Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:10.068Z INFO Detected OS: ubuntu +2021-12-04T19:54:10.068Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:10.072Z INFO Number of language-specific files: 2 +2021-12-04T19:54:10.072Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/reg:v0.16.1@sha256:ae581387764a23c62c1386389e27358bac5088790904938264cb0bcd4e8c946c (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -171,7 +171,7 @@ | perl-modules-5.30 | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.2.9 | v1.4.11, v1.5.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
https://ubuntu.com/security/notices/USN-5100-1
https://www.debian.org/security/2021/dsa-5002
| @@ -185,8 +185,7 @@ | github.com/opencontainers/runc | CVE-2019-19921 | HIGH | v0.1.1 | v1.0.0-rc9.0.20200122160610-2fc03cc11c77 |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
https://access.redhat.com/errata/RHSA-2020:0688
https://access.redhat.com/errata/RHSA-2020:0695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921
https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
https://github.com/opencontainers/runc/issues/2197
https://github.com/opencontainers/runc/pull/2190
https://github.com/opencontainers/runc/pull/2207
https://github.com/opencontainers/runc/releases
https://linux.oracle.com/cve/CVE-2019-19921.html
https://linux.oracle.com/errata/ELSA-2020-1650.html
https://security-tracker.debian.org/tracker/CVE-2019-19921
https://security.gentoo.org/glsa/202003-21
https://ubuntu.com/security/notices/USN-4297-1
https://usn.ubuntu.com/4297-1/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/remmina/security.md b/charts/stable/remmina/security.md index f999f515639..0e06e0a1cd0 100644 --- a/charts/stable/remmina/security.md +++ b/charts/stable/remmina/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:43.607Z INFO Detected config files: 1 +2021-12-04T19:54:43.607Z INFO Detected config files: 1 #### remmina/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:44.408Z INFO Detected OS: alpine -2021-12-04T19:54:44.408Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:44.417Z INFO Number of language-specific files: 0 +2021-12-04T19:54:44.408Z INFO Detected OS: alpine +2021-12-04T19:54:44.408Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:44.417Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/remmina:version-1.2.0-rcgit.29dfsg-1ubuntu1@sha256:c7795b9222063e436c77a94436da5e1bcdc1b13891f936673369588830a5ae8d** -2021-12-04T19:54:46.555Z INFO Detected OS: ubuntu -2021-12-04T19:54:46.555Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:46.566Z INFO Number of language-specific files: 1 -2021-12-04T19:54:46.566Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:54:46.555Z INFO Detected OS: ubuntu +2021-12-04T19:54:46.555Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:46.566Z INFO Number of language-specific files: 1 +2021-12-04T19:54:46.566Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/remmina:version-1.2.0-rcgit.29dfsg-1ubuntu1@sha256:c7795b9222063e436c77a94436da5e1bcdc1b13891f936673369588830a5ae8d (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -298,9 +298,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/charts/stable/resilio-sync/security.md b/charts/stable/resilio-sync/security.md index 5b060d68200..8fe5ecb25ca 100644 --- a/charts/stable/resilio-sync/security.md +++ b/charts/stable/resilio-sync/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:45.053Z INFO Detected config files: 1 +2021-12-04T19:54:45.053Z INFO Detected config files: 1 #### resilio-sync/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:47.633Z INFO Detected OS: alpine -2021-12-04T19:54:47.633Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:47.643Z INFO Number of language-specific files: 0 +2021-12-04T19:54:47.633Z INFO Detected OS: alpine +2021-12-04T19:54:47.633Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:47.643Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/resilio-sync:version-2.7.2.1375@sha256:54f42485d39a7773ff2e13c27ebfc32fc448eaf13f8972f38e14eedadb0b3a2e** -2021-12-04T19:54:52.339Z INFO Detected OS: ubuntu -2021-12-04T19:54:52.339Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:52.342Z INFO Number of language-specific files: 0 +2021-12-04T19:54:52.339Z INFO Detected OS: ubuntu +2021-12-04T19:54:52.339Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:52.342Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/resilio-sync:version-2.7.2.1375@sha256:54f42485d39a7773ff2e13c27ebfc32fc448eaf13f8972f38e14eedadb0b3a2e (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -183,4 +183,3 @@ | passwd | CVE-2013-4235 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/charts/stable/sabnzbd/security.md b/charts/stable/sabnzbd/security.md index f32eb00b4ab..f36e918568a 100644 --- a/charts/stable/sabnzbd/security.md +++ b/charts/stable/sabnzbd/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:54.455Z INFO Detected config files: 1 +2021-12-04T19:54:54.455Z INFO Detected config files: 1 #### sabnzbd/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:55.570Z INFO Detected OS: alpine -2021-12-04T19:54:55.570Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:55.583Z INFO Number of language-specific files: 0 +2021-12-04T19:54:55.570Z INFO Detected OS: alpine +2021-12-04T19:54:55.570Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:55.583Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/sabnzbd:v3.4.2@sha256:23f1fd8ff6709a1f11b08134f5463887efcfaa5aa1beadf32984d56b9b93c35d** -2021-12-04T19:55:00.638Z INFO Detected OS: ubuntu -2021-12-04T19:55:00.638Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:55:00.641Z INFO Number of language-specific files: 2 -2021-12-04T19:55:00.641Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:55:00.641Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:55:00.638Z INFO Detected OS: ubuntu +2021-12-04T19:55:00.638Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:55:00.641Z INFO Number of language-specific files: 2 +2021-12-04T19:55:00.641Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:55:00.641Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/sabnzbd:v3.4.2@sha256:23f1fd8ff6709a1f11b08134f5463887efcfaa5aa1beadf32984d56b9b93c35d (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -149,15 +149,14 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/ser2sock/security.md b/charts/stable/ser2sock/security.md index 8976e57fa25..4bec5c0ecb2 100644 --- a/charts/stable/ser2sock/security.md +++ b/charts/stable/ser2sock/security.md @@ -4,7 +4,7 @@ ##### Scan Results -2021-12-04T19:55:29.375Z INFO Detected config files: 0 +2021-12-04T19:55:29.375Z INFO Detected config files: 0 | No Vulnerabilities found | |:---------------------------------| @@ -15,4 +15,3 @@ ##### Scan Results - diff --git a/charts/stable/shiori/security.md b/charts/stable/shiori/security.md index b8f5d978bfb..9c2a93f43c8 100644 --- a/charts/stable/shiori/security.md +++ b/charts/stable/shiori/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:55:50.174Z INFO Detected config files: 2 +2021-12-04T19:55:50.174Z INFO Detected config files: 2 #### shiori/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:55:53.657Z INFO Detected OS: alpine -2021-12-04T19:55:53.657Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:55:53.665Z INFO Number of language-specific files: 0 +2021-12-04T19:55:53.657Z INFO Detected OS: alpine +2021-12-04T19:55:53.657Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:55:53.665Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:55:55.004Z INFO Detected OS: debian -2021-12-04T19:55:55.005Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:55:55.041Z INFO Number of language-specific files: 2 -2021-12-04T19:55:55.041Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:55:55.042Z INFO Detecting jar vulnerabilities... +2021-12-04T19:55:55.004Z INFO Detected OS: debian +2021-12-04T19:55:55.005Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:55:55.041Z INFO Number of language-specific files: 2 +2021-12-04T19:55:55.041Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:55:55.042Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,28 +275,28 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/shiori:version-v1.5.0@sha256:6c6331888c9a5162def49b6212327242f7f5c96e2d5a1bb031f79321cc1c0549** -2021-12-04T19:56:03.324Z INFO Number of language-specific files: 1 -2021-12-04T19:56:03.324Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:56:03.324Z INFO Number of language-specific files: 1 +2021-12-04T19:56:03.324Z INFO Detecting gobinary vulnerabilities... #### go/bin/shiori - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20190701094942-4def268fd1a4 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| @@ -304,14 +304,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:04.946Z INFO Detected OS: alpine -2021-12-04T19:56:04.946Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:04.960Z INFO Number of language-specific files: 0 +2021-12-04T19:56:04.946Z INFO Detected OS: alpine +2021-12-04T19:56:04.946Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:04.960Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -339,16 +339,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:56:06.183Z INFO Detected OS: debian -2021-12-04T19:56:06.183Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:56:06.236Z INFO Number of language-specific files: 2 -2021-12-04T19:56:06.236Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:56:06.236Z INFO Detecting jar vulnerabilities... +2021-12-04T19:56:06.183Z INFO Detected OS: debian +2021-12-04T19:56:06.183Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:56:06.236Z INFO Number of language-specific files: 2 +2021-12-04T19:56:06.236Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:56:06.236Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -543,16 +543,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/shorturl/security.md b/charts/stable/shorturl/security.md index 5b7c2366542..1c8b3b5232e 100644 --- a/charts/stable/shorturl/security.md +++ b/charts/stable/shorturl/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:55:45.195Z INFO Detected config files: 1 +2021-12-04T19:55:45.195Z INFO Detected config files: 1 #### shorturl/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:55:49.512Z INFO Detected OS: alpine -2021-12-04T19:55:49.512Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:55:49.521Z INFO Number of language-specific files: 0 +2021-12-04T19:55:49.512Z INFO Detected OS: alpine +2021-12-04T19:55:49.512Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:55:49.521Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/shorturl:version-v0.1.0@sha256:3893eab50b4d790958b31cbb7fd5d545369e7f91ee2d77551352a6510c86ba03** -2021-12-04T19:55:52.102Z INFO Number of language-specific files: 0 +2021-12-04T19:55:52.102Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/sickchill/security.md b/charts/stable/sickchill/security.md index 531b954abb5..4780e01c8b1 100644 --- a/charts/stable/sickchill/security.md +++ b/charts/stable/sickchill/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:55:52.602Z INFO Detected config files: 1 +2021-12-04T19:55:52.602Z INFO Detected config files: 1 #### sickchill/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:55:54.295Z INFO Detected OS: alpine -2021-12-04T19:55:54.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:55:54.301Z INFO Number of language-specific files: 0 +2021-12-04T19:55:54.295Z INFO Detected OS: alpine +2021-12-04T19:55:54.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:55:54.301Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/sickchill:v2021.5.10-1-ls63@sha256:f9fd82d8c6d12bc85dcc7813b7216087efb006dc05104ce67386ec989be25dc4** -2021-12-04T19:56:01.534Z INFO Number of language-specific files: 1 -2021-12-04T19:56:01.534Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:56:01.534Z INFO Number of language-specific files: 1 +2021-12-04T19:56:01.534Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/sickgear/security.md b/charts/stable/sickgear/security.md index be19d0d7441..6464eebf7e7 100644 --- a/charts/stable/sickgear/security.md +++ b/charts/stable/sickgear/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:56:04.011Z INFO Detected config files: 1 +2021-12-04T19:56:04.011Z INFO Detected config files: 1 #### sickgear/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:05.604Z INFO Detected OS: alpine -2021-12-04T19:56:05.605Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:05.620Z INFO Number of language-specific files: 0 +2021-12-04T19:56:05.604Z INFO Detected OS: alpine +2021-12-04T19:56:05.605Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:05.620Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/sickgear:version-release_0.25.4@sha256:6a78e9f784cf298552402143bee239858956f4783c7619e9a2b960c0d0d15d73** -2021-12-04T19:56:10.897Z INFO Number of language-specific files: 0 +2021-12-04T19:56:10.897Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/smokeping/security.md b/charts/stable/smokeping/security.md index 325ef7d9953..976bf057228 100644 --- a/charts/stable/smokeping/security.md +++ b/charts/stable/smokeping/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:56:31.963Z INFO Detected config files: 1 +2021-12-04T19:56:31.963Z INFO Detected config files: 1 #### smokeping/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:33.193Z INFO Detected OS: alpine -2021-12-04T19:56:33.193Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:33.202Z INFO Number of language-specific files: 0 +2021-12-04T19:56:33.193Z INFO Detected OS: alpine +2021-12-04T19:56:33.193Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:33.202Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/smokeping:version-2.7.3-r5@sha256:e56ba2420901250afb865a7e03e43956dcff17503ce44c48b20064980a42f5a4** -2021-12-04T19:56:42.773Z INFO Number of language-specific files: 0 +2021-12-04T19:56:42.773Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/sonarr/security.md b/charts/stable/sonarr/security.md index aa44f5c7bb4..38625eae526 100644 --- a/charts/stable/sonarr/security.md +++ b/charts/stable/sonarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:56:44.447Z INFO Detected config files: 1 +2021-12-04T19:56:44.447Z INFO Detected config files: 1 #### sonarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:45.218Z INFO Detected OS: alpine -2021-12-04T19:56:45.218Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:45.231Z INFO Number of language-specific files: 0 +2021-12-04T19:56:45.218Z INFO Detected OS: alpine +2021-12-04T19:56:45.218Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:45.231Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/sonarr:v3.0.6.1342@sha256:245800dc1c4304f8121bf0d3e5dda4251eb613b0dfe20e5975ceb9f88eaba8e6** -2021-12-04T19:57:01.803Z INFO Detected OS: ubuntu -2021-12-04T19:57:01.803Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:57:01.806Z INFO Number of language-specific files: 1 -2021-12-04T19:57:01.806Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:57:01.803Z INFO Detected OS: ubuntu +2021-12-04T19:57:01.803Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:57:01.806Z INFO Number of language-specific files: 1 +2021-12-04T19:57:01.806Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/sonarr:v3.0.6.1342@sha256:245800dc1c4304f8121bf0d3e5dda4251eb613b0dfe20e5975ceb9f88eaba8e6 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -181,8 +181,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/speedtest-exporter/security.md b/charts/stable/speedtest-exporter/security.md index dd52f59a0e2..5d5e5b3c487 100644 --- a/charts/stable/speedtest-exporter/security.md +++ b/charts/stable/speedtest-exporter/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:02.665Z INFO Detected config files: 1 +2021-12-04T19:57:02.665Z INFO Detected config files: 1 #### speedtest-exporter/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:03.873Z INFO Detected OS: alpine -2021-12-04T19:57:03.873Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:03.882Z INFO Number of language-specific files: 0 +2021-12-04T19:57:03.873Z INFO Detected OS: alpine +2021-12-04T19:57:03.873Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:03.882Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/speedtest-exporter:v3.3.4** -2021-12-04T19:57:09.310Z INFO Detected OS: alpine -2021-12-04T19:57:09.310Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:09.318Z INFO Number of language-specific files: 1 -2021-12-04T19:57:09.318Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:57:09.310Z INFO Detected OS: alpine +2021-12-04T19:57:09.310Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:09.318Z INFO Number of language-specific files: 1 +2021-12-04T19:57:09.318Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/speedtest-exporter:v3.3.4 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -97,9 +97,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/sqlitebrowser/security.md b/charts/stable/sqlitebrowser/security.md index da5a8ae5dd4..83edd6fd0c2 100644 --- a/charts/stable/sqlitebrowser/security.md +++ b/charts/stable/sqlitebrowser/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:02.264Z INFO Detected config files: 1 +2021-12-04T19:57:02.264Z INFO Detected config files: 1 #### sqlitebrowser/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:03.304Z INFO Detected OS: alpine -2021-12-04T19:57:03.304Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:03.310Z INFO Number of language-specific files: 0 +2021-12-04T19:57:03.304Z INFO Detected OS: alpine +2021-12-04T19:57:03.304Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:03.310Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/sqlitebrowser:version-3.12.2-02876202105241947ubuntu18.04.1@sha256:fc18746d4b3c37355ef0015b34c9bdd1d023c528d05097bf6dc839d54234fc48** -2021-12-04T19:57:06.495Z INFO Detected OS: ubuntu -2021-12-04T19:57:06.495Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:57:06.506Z INFO Number of language-specific files: 1 -2021-12-04T19:57:06.506Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:57:06.495Z INFO Detected OS: ubuntu +2021-12-04T19:57:06.495Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:57:06.506Z INFO Number of language-specific files: 1 +2021-12-04T19:57:06.506Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/sqlitebrowser:version-3.12.2-02876202105241947ubuntu18.04.1@sha256:fc18746d4b3c37355ef0015b34c9bdd1d023c528d05097bf6dc839d54234fc48 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -284,9 +284,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/charts/stable/stash/security.md b/charts/stable/stash/security.md index 7857f219385..994b1cc347f 100644 --- a/charts/stable/stash/security.md +++ b/charts/stable/stash/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:23.328Z INFO Detected config files: 1 +2021-12-04T19:57:23.328Z INFO Detected config files: 1 #### stash/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:24.345Z INFO Detected OS: alpine -2021-12-04T19:57:24.345Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:24.360Z INFO Number of language-specific files: 0 +2021-12-04T19:57:24.345Z INFO Detected OS: alpine +2021-12-04T19:57:24.345Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:24.360Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,32 +61,29 @@ **Container: tccr.io/truecharts/stash:v0.11.0@sha256:8ce5c582a35c7ad8db0ef9e0bcfeb03bccfa1bc7e8432f36ec572f8e5a2fc97d** -2021-12-04T19:57:32.061Z INFO Detected OS: alpine -2021-12-04T19:57:32.061Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:32.084Z INFO Number of language-specific files: 2 -2021-12-04T19:57:32.084Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:57:32.085Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:57:32.061Z INFO Detected OS: alpine +2021-12-04T19:57:32.061Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:32.084Z INFO Number of language-specific files: 2 +2021-12-04T19:57:32.084Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:57:32.085Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/stash:v0.11.0@sha256:8ce5c582a35c7ad8db0ef9e0bcfeb03bccfa1bc7e8432f36ec572f8e5a2fc97d (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/static/security.md b/charts/stable/static/security.md index 7fa02b82fec..455e99b1249 100644 --- a/charts/stable/static/security.md +++ b/charts/stable/static/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:48.240Z INFO Detected config files: 1 +2021-12-04T19:57:48.240Z INFO Detected config files: 1 #### static/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:49.600Z INFO Detected OS: alpine -2021-12-04T19:57:49.600Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:49.606Z INFO Number of language-specific files: 0 +2021-12-04T19:57:49.600Z INFO Detected OS: alpine +2021-12-04T19:57:49.600Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:49.606Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/static:version-ee8a20c@sha256:5644e67d64d9c23330ffd83e62a99f268a801b6d76b67d07a998952de131e00b** -2021-12-04T19:57:52.038Z INFO Number of language-specific files: 1 -2021-12-04T19:57:52.038Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:57:52.038Z INFO Number of language-specific files: 1 +2021-12-04T19:57:52.038Z INFO Detecting gobinary vulnerabilities... #### go/bin/static - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/statping/security.md b/charts/stable/statping/security.md index 554100818d9..a67e153a8be 100644 --- a/charts/stable/statping/security.md +++ b/charts/stable/statping/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:58:03.642Z INFO Detected config files: 2 +2021-12-04T19:58:03.642Z INFO Detected config files: 2 #### statping/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:04.723Z INFO Detected OS: alpine -2021-12-04T19:58:04.723Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:04.728Z INFO Number of language-specific files: 0 +2021-12-04T19:58:04.723Z INFO Detected OS: alpine +2021-12-04T19:58:04.723Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:04.728Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:58:05.556Z INFO Detected OS: debian -2021-12-04T19:58:05.557Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:58:05.594Z INFO Number of language-specific files: 2 -2021-12-04T19:58:05.594Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:05.603Z INFO Detecting jar vulnerabilities... +2021-12-04T19:58:05.556Z INFO Detected OS: debian +2021-12-04T19:58:05.557Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:58:05.594Z INFO Number of language-specific files: 2 +2021-12-04T19:58:05.594Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:05.603Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/statping:v0.90.74@sha256:1c7e6cf35253668dd55ab20dde3c3e10d2fefd31416963b81d63846b672f38ce** -2021-12-04T19:58:09.072Z INFO Detected OS: alpine -2021-12-04T19:58:09.072Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:09.073Z INFO Number of language-specific files: 1 -2021-12-04T19:58:09.073Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:09.072Z INFO Detected OS: alpine +2021-12-04T19:58:09.072Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:09.073Z INFO Number of language-specific files: 1 +2021-12-04T19:58:09.073Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/statping:v0.90.74@sha256:1c7e6cf35253668dd55ab20dde3c3e10d2fefd31416963b81d63846b672f38ce (alpine 3.12.3) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -365,7 +365,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r19 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/dgrijalva/jwt-go | CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
Click to expand!https://github.com/dgrijalva/jwt-go/pull/426
https://nvd.nist.gov/vuln/detail/CVE-2020-26160
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
| @@ -373,14 +373,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:09.949Z INFO Detected OS: alpine -2021-12-04T19:58:09.949Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:09.959Z INFO Number of language-specific files: 0 +2021-12-04T19:58:09.949Z INFO Detected OS: alpine +2021-12-04T19:58:09.949Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:09.959Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -408,16 +408,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:58:10.725Z INFO Detected OS: debian -2021-12-04T19:58:10.725Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:58:10.770Z INFO Number of language-specific files: 2 -2021-12-04T19:58:10.770Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:10.770Z INFO Detecting jar vulnerabilities... +2021-12-04T19:58:10.725Z INFO Detected OS: debian +2021-12-04T19:58:10.725Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:58:10.770Z INFO Number of language-specific files: 2 +2021-12-04T19:58:10.770Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:10.770Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -612,16 +612,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/syncthing/security.md b/charts/stable/syncthing/security.md index 2385d47c974..b3cf4505aed 100644 --- a/charts/stable/syncthing/security.md +++ b/charts/stable/syncthing/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:57.764Z INFO Detected config files: 1 +2021-12-04T19:57:57.764Z INFO Detected config files: 1 #### syncthing/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:58.598Z INFO Detected OS: alpine -2021-12-04T19:57:58.598Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:58.605Z INFO Number of language-specific files: 0 +2021-12-04T19:57:58.598Z INFO Detected OS: alpine +2021-12-04T19:57:58.598Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:58.605Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/syncthing:v1.18.4@sha256:cc2bd691927ec19b9aac2d4a3e2330cb0ce9458dda761ead7dddd5f2d8338221** -2021-12-04T19:58:00.666Z INFO Detected OS: alpine -2021-12-04T19:58:00.666Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:00.668Z INFO Number of language-specific files: 1 -2021-12-04T19:58:00.668Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:00.666Z INFO Detected OS: alpine +2021-12-04T19:58:00.666Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:00.668Z INFO Number of language-specific files: 1 +2021-12-04T19:58:00.668Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/syncthing:v1.18.4@sha256:cc2bd691927ec19b9aac2d4a3e2330cb0ce9458dda761ead7dddd5f2d8338221 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,9 +96,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/tautulli/security.md b/charts/stable/tautulli/security.md index 79d324706f8..c3c814653df 100644 --- a/charts/stable/tautulli/security.md +++ b/charts/stable/tautulli/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:58:17.750Z INFO Detected config files: 1 +2021-12-04T19:58:17.750Z INFO Detected config files: 1 #### tautulli/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:18.899Z INFO Detected OS: alpine -2021-12-04T19:58:18.899Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:18.908Z INFO Number of language-specific files: 0 +2021-12-04T19:58:18.899Z INFO Detected OS: alpine +2021-12-04T19:58:18.899Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:18.908Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/tautulli:v2.7.7@sha256:c63a409b9d44b5018dfe72955609f6b25b70945976739cd28f1f0af6e73484df** -2021-12-04T19:58:22.626Z INFO Detected OS: ubuntu -2021-12-04T19:58:22.626Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:58:22.630Z INFO Number of language-specific files: 2 -2021-12-04T19:58:22.630Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:22.631Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:58:22.626Z INFO Detected OS: ubuntu +2021-12-04T19:58:22.626Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:58:22.630Z INFO Number of language-specific files: 2 +2021-12-04T19:58:22.630Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:22.631Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/tautulli:v2.7.7@sha256:c63a409b9d44b5018dfe72955609f6b25b70945976739cd28f1f0af6e73484df (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -148,15 +148,14 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04.1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/teamspeak3/security.md b/charts/stable/teamspeak3/security.md index dc1f2356d3f..5afbd026d36 100644 --- a/charts/stable/teamspeak3/security.md +++ b/charts/stable/teamspeak3/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:58:38.915Z INFO Detected config files: 1 +2021-12-04T19:58:38.915Z INFO Detected config files: 1 #### teamspeak3/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:43.063Z INFO Detected OS: alpine -2021-12-04T19:58:43.063Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:43.071Z INFO Number of language-specific files: 0 +2021-12-04T19:58:43.063Z INFO Detected OS: alpine +2021-12-04T19:58:43.063Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:43.071Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,15 @@ **Container: tccr.io/truecharts/teamspeak:v3.13.6@sha256:24acbeffda16a22105e06d60286e1c93d148c8467177feaf760bbe1ef3b9654c** -2021-12-04T19:58:47.002Z INFO Detected OS: alpine -2021-12-04T19:58:47.002Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:47.004Z INFO Number of language-specific files: 0 +2021-12-04T19:58:47.002Z INFO Detected OS: alpine +2021-12-04T19:58:47.002Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:47.004Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/teamspeak:v3.13.6@sha256:24acbeffda16a22105e06d60286e1c93d148c8467177feaf760bbe1ef3b9654c (alpine 3.13.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | libpq | CVE-2021-23214 | HIGH | 13.4-r0 | 13.5-r0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23214
https://ubuntu.com/security/notices/USN-5145-1
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
| | libpq | CVE-2021-23222 | LOW | 13.4-r0 | 13.5-r0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23222
https://ubuntu.com/security/notices/USN-5145-1
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
| - diff --git a/charts/stable/teedy/security.md b/charts/stable/teedy/security.md index 7b9f7b5aafa..bda77fe291b 100644 --- a/charts/stable/teedy/security.md +++ b/charts/stable/teedy/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:58:52.691Z INFO Detected config files: 2 +2021-12-04T19:58:52.691Z INFO Detected config files: 2 #### teedy/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:53.599Z INFO Detected OS: alpine -2021-12-04T19:58:53.599Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:53.606Z INFO Number of language-specific files: 0 +2021-12-04T19:58:53.599Z INFO Detected OS: alpine +2021-12-04T19:58:53.599Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:53.606Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:58:54.448Z INFO Detected OS: debian -2021-12-04T19:58:54.448Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:58:54.506Z INFO Number of language-specific files: 2 -2021-12-04T19:58:54.506Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:54.506Z INFO Detecting jar vulnerabilities... +2021-12-04T19:58:54.448Z INFO Detected OS: debian +2021-12-04T19:58:54.448Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:58:54.506Z INFO Number of language-specific files: 2 +2021-12-04T19:58:54.506Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:54.506Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/docs:v1.9@sha256:23e9053e5eb837b31ae08bc770865827c7a2dc49dfc46fa2eba55f18fe8b21da** -2021-12-04T19:59:18.424Z INFO Detected OS: ubuntu -2021-12-04T19:59:18.424Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:59:18.436Z INFO Number of language-specific files: 1 -2021-12-04T19:59:18.436Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:18.424Z INFO Detected OS: ubuntu +2021-12-04T19:59:18.424Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:59:18.436Z INFO Number of language-specific files: 1 +2021-12-04T19:59:18.436Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/docs:v1.9@sha256:23e9053e5eb837b31ae08bc770865827c7a2dc49dfc46fa2eba55f18fe8b21da (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2018-0501 | HIGH | 1.6~alpha7ubuntu2 | 1.6.3ubuntu0.1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501
https://mirror.fail
https://mirror.fail/
https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec
https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47
https://ubuntu.com/security/notices/USN-3746-1
https://usn.ubuntu.com/3746-1/
| @@ -1508,7 +1508,7 @@ | xxd | CVE-2021-3903 | LOW | 2:8.0.1453-1ubuntu1 | 2:8.0.1453-1ubuntu1.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3903
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/
https://ubuntu.com/security/notices/USN-5147-1
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2020-8908 | LOW | 28.2-jre | 30.0 |
Click to expand!https://github.com/advisories/GHSA-5mg8-w23w-74h3
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -1566,14 +1566,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:19.875Z INFO Detected OS: alpine -2021-12-04T19:59:19.875Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:19.881Z INFO Number of language-specific files: 0 +2021-12-04T19:59:19.875Z INFO Detected OS: alpine +2021-12-04T19:59:19.875Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:19.881Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1601,16 +1601,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:59:36.837Z INFO Detected OS: debian -2021-12-04T19:59:36.837Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:36.891Z INFO Number of language-specific files: 2 -2021-12-04T19:59:36.891Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:59:36.891Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:36.837Z INFO Detected OS: debian +2021-12-04T19:59:36.837Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:36.891Z INFO Number of language-specific files: 2 +2021-12-04T19:59:36.891Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:36.891Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1805,16 +1805,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/thelounge/security.md b/charts/stable/thelounge/security.md index 49105887670..22cac9698da 100644 --- a/charts/stable/thelounge/security.md +++ b/charts/stable/thelounge/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:59:19.289Z INFO Detected config files: 1 +2021-12-04T19:59:19.289Z INFO Detected config files: 1 #### thelounge/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:21.037Z INFO Detected OS: alpine -2021-12-04T19:59:21.037Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:21.050Z INFO Number of language-specific files: 0 +2021-12-04T19:59:21.037Z INFO Detected OS: alpine +2021-12-04T19:59:21.037Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:21.050Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/thelounge:v4.3.0@sha256:642d2b46f679b666e7b7458e761de135b7fb6761e986a8bcb620d81803195051** -2021-12-04T19:59:34.722Z INFO Detected OS: debian -2021-12-04T19:59:34.722Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:34.863Z INFO Number of language-specific files: 1 -2021-12-04T19:59:34.863Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:59:34.722Z INFO Detected OS: debian +2021-12-04T19:59:34.722Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:34.863Z INFO Number of language-specific files: 1 +2021-12-04T19:59:34.863Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/thelounge:v4.3.0@sha256:642d2b46f679b666e7b7458e761de135b7fb6761e986a8bcb620d81803195051 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -822,7 +822,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.21-1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -833,4 +833,3 @@ | tar | CVE-2021-37701 | HIGH | 2.2.2 | 6.1.7, 5.0.8, 4.4.16 |
Click to expand!https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 2.2.2 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 2.2.2 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/stable/traccar/security.md b/charts/stable/traccar/security.md index a22dd1e1002..7a6ca47112f 100644 --- a/charts/stable/traccar/security.md +++ b/charts/stable/traccar/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:59:20.429Z INFO Detected config files: 2 +2021-12-04T19:59:20.429Z INFO Detected config files: 2 #### traccar/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:24.066Z INFO Detected OS: alpine -2021-12-04T19:59:24.066Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:24.071Z INFO Number of language-specific files: 0 +2021-12-04T19:59:24.066Z INFO Detected OS: alpine +2021-12-04T19:59:24.066Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:24.071Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:59:36.029Z INFO Detected OS: debian -2021-12-04T19:59:36.029Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:36.071Z INFO Number of language-specific files: 2 -2021-12-04T19:59:36.071Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:59:36.071Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:36.029Z INFO Detected OS: debian +2021-12-04T19:59:36.029Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:36.071Z INFO Number of language-specific files: 2 +2021-12-04T19:59:36.071Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:36.071Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/traccar:v4.14@sha256:39fe3c8c65caef00ab79591c98b383432fe2d21bf745c925df6fd7891ce6fe78** -2021-12-04T19:59:47.923Z INFO Detected OS: alpine -2021-12-04T19:59:47.923Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:47.927Z INFO Number of language-specific files: 1 -2021-12-04T19:59:47.927Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:47.923Z INFO Detected OS: alpine +2021-12-04T19:59:47.923Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:47.927Z INFO Number of language-specific files: 1 +2021-12-04T19:59:47.927Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/traccar:v4.14@sha256:39fe3c8c65caef00ab79591c98b383432fe2d21bf745c925df6fd7891ce6fe78 (alpine 3.14.1) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -329,7 +329,7 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ch.qos.logback:logback-core | CVE-2017-5929 | CRITICAL | 1.1.3 | 1.2.0 |
Click to expand!http://www.cvedetails.com/cve/CVE-2017-5929/
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2018:2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
https://logback.qos.ch/news.html
https://nvd.nist.gov/vuln/detail/CVE-2017-5929
| @@ -357,14 +357,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:49.454Z INFO Detected OS: alpine -2021-12-04T19:59:49.454Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:49.460Z INFO Number of language-specific files: 0 +2021-12-04T19:59:49.454Z INFO Detected OS: alpine +2021-12-04T19:59:49.454Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:49.460Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -392,16 +392,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:59:56.847Z INFO Detected OS: debian -2021-12-04T19:59:56.847Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:56.892Z INFO Number of language-specific files: 2 -2021-12-04T19:59:56.892Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:59:56.892Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:56.847Z INFO Detected OS: debian +2021-12-04T19:59:56.847Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:56.892Z INFO Number of language-specific files: 2 +2021-12-04T19:59:56.892Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:56.892Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -596,16 +596,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/transmission/security.md b/charts/stable/transmission/security.md index 340175d3b1f..0f5bf45f808 100644 --- a/charts/stable/transmission/security.md +++ b/charts/stable/transmission/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:59:35.444Z INFO Detected config files: 1 +2021-12-04T19:59:35.444Z INFO Detected config files: 1 #### transmission/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:48.678Z INFO Detected OS: alpine -2021-12-04T19:59:48.678Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:48.685Z INFO Number of language-specific files: 0 +2021-12-04T19:59:48.678Z INFO Detected OS: alpine +2021-12-04T19:59:48.678Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:48.685Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/transmission:v3.00@sha256:9a4f48483b93f74394b69555c9324c746414836de247fbeafec5f53c0b077b9f** -2021-12-04T19:59:56.219Z INFO Detected OS: ubuntu -2021-12-04T19:59:56.219Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:59:56.222Z INFO Number of language-specific files: 1 -2021-12-04T19:59:56.222Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:56.219Z INFO Detected OS: ubuntu +2021-12-04T19:59:56.219Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:59:56.222Z INFO Number of language-specific files: 1 +2021-12-04T19:59:56.222Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/transmission:v3.00@sha256:9a4f48483b93f74394b69555c9324c746414836de247fbeafec5f53c0b077b9f (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -161,8 +161,7 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/truecommand/security.md b/charts/stable/truecommand/security.md index 95b6ebd4271..25bf5867e47 100644 --- a/charts/stable/truecommand/security.md +++ b/charts/stable/truecommand/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:00:11.664Z INFO Detected config files: 1 +2021-12-04T20:00:11.664Z INFO Detected config files: 1 #### truecommand/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:13.087Z INFO Detected OS: alpine -2021-12-04T20:00:13.087Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:13.106Z INFO Number of language-specific files: 0 +2021-12-04T20:00:13.087Z INFO Detected OS: alpine +2021-12-04T20:00:13.087Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:13.106Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/truecommand:v2.0.2@sha256:adee76b6a9149ea15dc56e8e6692f6cc60355cfb83c55a7a94a117923dc67ad0** -2021-12-04T20:00:33.910Z INFO Detected OS: debian -2021-12-04T20:00:33.910Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:00:33.962Z INFO Number of language-specific files: 5 -2021-12-04T20:00:33.962Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:33.964Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:00:33.910Z INFO Detected OS: debian +2021-12-04T20:00:33.910Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:00:33.962Z INFO Number of language-specific files: 5 +2021-12-04T20:00:33.962Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:33.964Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/truecommand:v2.0.2@sha256:adee76b6a9149ea15dc56e8e6692f6cc60355cfb83c55a7a94a117923dc67ad0 (debian 10.4) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.8.2.1 | 1.8.2.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -379,14 +379,14 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/buger/jsonparser | CVE-2020-10675 | HIGH | v0.0.0-20191004114745-ee4c978eae7e | v0.0.0-20200321185410-91ac96899e49 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10675
https://github.com/buger/jsonparser/issues/188
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/
https://nvd.nist.gov/vuln/detail/CVE-2020-10675
| @@ -396,7 +396,7 @@ | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/buger/jsonparser | CVE-2020-10675 | HIGH | v0.0.0-20191004114745-ee4c978eae7e | v0.0.0-20200321185410-91ac96899e49 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10675
https://github.com/buger/jsonparser/issues/188
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/
https://nvd.nist.gov/vuln/detail/CVE-2020-10675
| @@ -406,15 +406,12 @@ | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/tt-rss/security.md b/charts/stable/tt-rss/security.md index e9cd4976ab5..fb2206b7364 100644 --- a/charts/stable/tt-rss/security.md +++ b/charts/stable/tt-rss/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T20:00:34.938Z INFO Detected config files: 2 +2021-12-04T20:00:34.938Z INFO Detected config files: 2 #### tt-rss/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:37.814Z INFO Detected OS: alpine -2021-12-04T20:00:37.814Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:37.827Z INFO Number of language-specific files: 0 +2021-12-04T20:00:37.814Z INFO Detected OS: alpine +2021-12-04T20:00:37.814Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:37.827Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:00:39.013Z INFO Detected OS: debian -2021-12-04T20:00:39.013Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:00:39.060Z INFO Number of language-specific files: 2 -2021-12-04T20:00:39.060Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:39.061Z INFO Detecting jar vulnerabilities... +2021-12-04T20:00:39.013Z INFO Detected OS: debian +2021-12-04T20:00:39.013Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:00:39.060Z INFO Number of language-specific files: 2 +2021-12-04T20:00:39.060Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:39.061Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/tt-rss:v1.9075.0@sha256:9779b47027627c16b3f6c0e69b9a5c7964a7b701ff8ccc6b1f0a7d5d371c7c6b** -2021-12-04T20:00:47.176Z INFO Detected OS: ubuntu -2021-12-04T20:00:47.176Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T20:00:47.181Z INFO Number of language-specific files: 4 -2021-12-04T20:00:47.181Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:47.181Z INFO Detecting composer vulnerabilities... -2021-12-04T20:00:47.181Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:00:47.176Z INFO Detected OS: ubuntu +2021-12-04T20:00:47.176Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T20:00:47.181Z INFO Number of language-specific files: 4 +2021-12-04T20:00:47.181Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:47.181Z INFO Detecting composer vulnerabilities... +2021-12-04T20:00:47.181Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/tt-rss:v1.9075.0@sha256:9779b47027627c16b3f6c0e69b9a5c7964a7b701ff8ccc6b1f0a7d5d371c7c6b (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -414,42 +414,42 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:48.308Z INFO Detected OS: alpine -2021-12-04T20:00:48.308Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:48.317Z INFO Number of language-specific files: 0 +2021-12-04T20:00:48.308Z INFO Detected OS: alpine +2021-12-04T20:00:48.308Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:48.317Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -477,16 +477,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:00:59.789Z INFO Detected OS: debian -2021-12-04T20:00:59.789Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:00:59.824Z INFO Number of language-specific files: 2 -2021-12-04T20:00:59.824Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:59.824Z INFO Detecting jar vulnerabilities... +2021-12-04T20:00:59.789Z INFO Detected OS: debian +2021-12-04T20:00:59.789Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:00:59.824Z INFO Number of language-specific files: 2 +2021-12-04T20:00:59.824Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:59.824Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -681,16 +681,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/tvheadend/security.md b/charts/stable/tvheadend/security.md index a56aa676b80..8b88580a1de 100644 --- a/charts/stable/tvheadend/security.md +++ b/charts/stable/tvheadend/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:00:47.706Z INFO Detected config files: 1 +2021-12-04T20:00:47.706Z INFO Detected config files: 1 #### tvheadend/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:49.278Z INFO Detected OS: alpine -2021-12-04T20:00:49.278Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:49.287Z INFO Number of language-specific files: 0 +2021-12-04T20:00:49.278Z INFO Detected OS: alpine +2021-12-04T20:00:49.278Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:49.287Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/tvheadend:version-63784405@sha256:55617b2f0e1a9d9cefb853c5d52f3729da88c9662ad18813e688201dbe3aee9a** -2021-12-04T20:00:58.606Z INFO Number of language-specific files: 0 +2021-12-04T20:00:58.606Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/twtxt/security.md b/charts/stable/twtxt/security.md index bbbf074281a..04f5a290525 100644 --- a/charts/stable/twtxt/security.md +++ b/charts/stable/twtxt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:00:49.795Z INFO Detected config files: 1 +2021-12-04T20:00:49.795Z INFO Detected config files: 1 #### twtxt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:59.162Z INFO Detected OS: alpine -2021-12-04T20:00:59.162Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:59.175Z INFO Number of language-specific files: 0 +2021-12-04T20:00:59.162Z INFO Detected OS: alpine +2021-12-04T20:00:59.162Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:59.175Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,14 @@ **Container: tccr.io/truecharts/twtxt:version-0.1.1@sha256:9f34f0557d2a46aa7952c55f5a368c130659fafa0780785a647721edd001cdaa** -2021-12-04T20:01:04.681Z INFO Number of language-specific files: 1 -2021-12-04T20:01:04.681Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:01:04.681Z INFO Number of language-specific files: 1 +2021-12-04T20:01:04.681Z INFO Detecting gobinary vulnerabilities... #### app/twtd - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/dgrijalva/jwt-go | CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
Click to expand!https://github.com/dgrijalva/jwt-go/pull/426
https://nvd.nist.gov/vuln/detail/CVE-2020-26160
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200709230013-948cd5f35899 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/charts/stable/unifi/security.md b/charts/stable/unifi/security.md index 06eca42d2b4..d6de5e30155 100644 --- a/charts/stable/unifi/security.md +++ b/charts/stable/unifi/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:06.079Z INFO Detected config files: 1 +2021-12-04T20:01:06.079Z INFO Detected config files: 1 #### unifi/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:07.015Z INFO Detected OS: alpine -2021-12-04T20:01:07.015Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:07.047Z INFO Number of language-specific files: 0 +2021-12-04T20:01:07.015Z INFO Detected OS: alpine +2021-12-04T20:01:07.015Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:07.047Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/unifi:v6.5.53@sha256:c6cf26dcd8e73e95503a9a8fb5ab36458c05c724b33add8dc1a6152648f33d3d** -2021-12-04T20:01:36.779Z INFO Detected OS: ubuntu -2021-12-04T20:01:36.780Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T20:01:36.786Z INFO Number of language-specific files: 0 +2021-12-04T20:01:36.779Z INFO Detected OS: ubuntu +2021-12-04T20:01:36.780Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T20:01:36.786Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/unifi:v6.5.53@sha256:c6cf26dcd8e73e95503a9a8fb5ab36458c05c724b33add8dc1a6152648f33d3d (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -214,4 +214,3 @@ | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| - diff --git a/charts/stable/unpackerr/security.md b/charts/stable/unpackerr/security.md index 535a387968a..37ceef7439a 100644 --- a/charts/stable/unpackerr/security.md +++ b/charts/stable/unpackerr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:46.149Z INFO Detected config files: 1 +2021-12-04T20:01:46.149Z INFO Detected config files: 1 #### unpackerr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:46.934Z INFO Detected OS: alpine -2021-12-04T20:01:46.934Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:46.946Z INFO Number of language-specific files: 0 +2021-12-04T20:01:46.934Z INFO Detected OS: alpine +2021-12-04T20:01:46.934Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:46.946Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/unpackerr:v0.9.8@sha256:a76546d014ad85dac797bbb3d7753d1c0b5778ea907a7f2b21dad908a1c7712c** -2021-12-04T20:01:49.496Z INFO Number of language-specific files: 0 +2021-12-04T20:01:49.496Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/unpoller/security.md b/charts/stable/unpoller/security.md index 7e37743a380..e0760419368 100644 --- a/charts/stable/unpoller/security.md +++ b/charts/stable/unpoller/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:52.263Z INFO Detected config files: 1 +2021-12-04T20:01:52.263Z INFO Detected config files: 1 #### unpoller/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:53.858Z INFO Detected OS: alpine -2021-12-04T20:01:53.858Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:53.864Z INFO Number of language-specific files: 0 +2021-12-04T20:01:53.858Z INFO Detected OS: alpine +2021-12-04T20:01:53.858Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:53.864Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/unifi-poller:v2.1.3@sha256:2d6cd1f4cdc3d8522d697830f69ca12aa2fe24fda4e5476610af6e0b5c0597e9** -2021-12-04T20:01:57.370Z INFO Number of language-specific files: 0 +2021-12-04T20:01:57.370Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/charts/stable/uptime-kuma/security.md b/charts/stable/uptime-kuma/security.md index 93bce54bf4d..3c43870623d 100644 --- a/charts/stable/uptime-kuma/security.md +++ b/charts/stable/uptime-kuma/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:52.960Z INFO Detected config files: 1 +2021-12-04T20:01:52.960Z INFO Detected config files: 1 #### uptime-kuma/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:54.994Z INFO Detected OS: alpine -2021-12-04T20:01:54.994Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:55.002Z INFO Number of language-specific files: 0 +2021-12-04T20:01:54.994Z INFO Detected OS: alpine +2021-12-04T20:01:54.994Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:55.002Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/uptime-kuma:v1.10.2-debian@sha256:002dbdff764a1d26278efadeecacc62602e3aba7714317afd83ec501a2b71769** -2021-12-04T20:02:07.954Z INFO Detected OS: debian -2021-12-04T20:02:07.954Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:02:07.977Z INFO Number of language-specific files: 2 -2021-12-04T20:02:07.977Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T20:02:08.009Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:02:07.954Z INFO Detected OS: debian +2021-12-04T20:02:07.954Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:02:07.977Z INFO Number of language-specific files: 2 +2021-12-04T20:02:07.977Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:02:08.009Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/uptime-kuma:v1.10.2-debian@sha256:002dbdff764a1d26278efadeecacc62602e3aba7714317afd83ec501a2b71769 (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -246,7 +246,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -254,9 +254,6 @@ | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/uptimerobot-prometheus/security.md b/charts/stable/uptimerobot-prometheus/security.md index 06fc0c57414..5efc0f968ee 100644 --- a/charts/stable/uptimerobot-prometheus/security.md +++ b/charts/stable/uptimerobot-prometheus/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:02:22.608Z INFO Detected config files: 1 +2021-12-04T20:02:22.608Z INFO Detected config files: 1 #### uptimerobot-prometheus/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:23.308Z INFO Detected OS: alpine -2021-12-04T20:02:23.309Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:23.316Z INFO Number of language-specific files: 0 +2021-12-04T20:02:23.308Z INFO Detected OS: alpine +2021-12-04T20:02:23.309Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:23.316Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/prometheus-uptimerobot-exporter:v0.0.1@sha256:c73a86e73ab47e0974eb3d6bd6ce5834befe8363979a9da2b53922b630ec084a** -2021-12-04T20:02:26.416Z INFO Detected OS: alpine -2021-12-04T20:02:26.416Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:26.424Z INFO Number of language-specific files: 1 -2021-12-04T20:02:26.424Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:02:26.416Z INFO Detected OS: alpine +2021-12-04T20:02:26.416Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:26.424Z INFO Number of language-specific files: 1 +2021-12-04T20:02:26.424Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/prometheus-uptimerobot-exporter:v0.0.1@sha256:c73a86e73ab47e0974eb3d6bd6ce5834befe8363979a9da2b53922b630ec084a (alpine 3.12.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -154,11 +154,10 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r16 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | pip | CVE-2021-28363 | MEDIUM | 20.1.1 | 21.1 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| | pip | CVE-2021-3572 | MEDIUM | 20.1.1 | 21.1 |
Click to expand!https://access.redhat.com/errata/RHSA-2021:3254
https://bugzilla.redhat.com/show_bug.cgi?id=1962856
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
https://github.com/pypa/pip/pull/9827
https://linux.oracle.com/cve/CVE-2021-3572.html
https://linux.oracle.com/errata/ELSA-2021-4455.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3572
https://packetstormsecurity.com/files/162712/USN-4961-1.txt
| | pip | pyup.io-42218 | UNKNOWN | 20.1.1 | 21.1 |
Click to expand!
| | urllib3 | CVE-2021-33503 | HIGH | 1.25.9 | 1.26.5 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
https://nvd.nist.gov/vuln/detail/CVE-2021-33503
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/charts/stable/valheim/security.md b/charts/stable/valheim/security.md index b168b5c9887..914d8531d3b 100644 --- a/charts/stable/valheim/security.md +++ b/charts/stable/valheim/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:02:35.141Z INFO Detected config files: 1 +2021-12-04T20:02:35.141Z INFO Detected config files: 1 #### valheim/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:36.782Z INFO Detected OS: alpine -2021-12-04T20:02:36.782Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:36.790Z INFO Number of language-specific files: 0 +2021-12-04T20:02:36.782Z INFO Detected OS: alpine +2021-12-04T20:02:36.782Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:36.790Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/valheim-server:latest@sha256:12a0e638db1b54e93af61d8a94c275224ec8524e65304f058eff34dfdbaafef0** -2021-12-04T20:02:52.094Z INFO Detected OS: debian -2021-12-04T20:02:52.094Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:02:52.177Z INFO Number of language-specific files: 1 -2021-12-04T20:02:52.177Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:02:52.094Z INFO Detected OS: debian +2021-12-04T20:02:52.094Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:02:52.177Z INFO Number of language-specific files: 1 +2021-12-04T20:02:52.177Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/valheim-server:latest@sha256:12a0e638db1b54e93af61d8a94c275224ec8524e65304f058eff34dfdbaafef0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -491,9 +491,6 @@ | zip | CVE-2018-13410 | LOW | 3.0-11 | |
Click to expand!http://seclists.org/fulldisclosure/2018/Jul/24
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/vaultwarden/security.md b/charts/stable/vaultwarden/security.md index 6bbd18ea17f..bd38f2ddf3e 100644 --- a/charts/stable/vaultwarden/security.md +++ b/charts/stable/vaultwarden/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T20:02:54.062Z INFO Detected config files: 2 +2021-12-04T20:02:54.062Z INFO Detected config files: 2 #### vaultwarden/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:56.947Z INFO Detected OS: alpine -2021-12-04T20:02:56.947Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:56.955Z INFO Number of language-specific files: 0 +2021-12-04T20:02:56.947Z INFO Detected OS: alpine +2021-12-04T20:02:56.947Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:56.955Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:02:58.241Z INFO Detected OS: debian -2021-12-04T20:02:58.241Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:02:58.303Z INFO Number of language-specific files: 2 -2021-12-04T20:02:58.303Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:02:58.303Z INFO Detecting jar vulnerabilities... +2021-12-04T20:02:58.241Z INFO Detected OS: debian +2021-12-04T20:02:58.241Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:02:58.303Z INFO Number of language-specific files: 2 +2021-12-04T20:02:58.303Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:02:58.303Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,29 +275,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/vaultwarden:v1.23.0@sha256:1e65dd23569e566576c3c80de76f711e0b9fc5e29a39d45f49f0a44d1282d869** -2021-12-04T20:03:07.218Z INFO Detected OS: debian -2021-12-04T20:03:07.218Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:07.308Z INFO Number of language-specific files: 0 +2021-12-04T20:03:07.218Z INFO Detected OS: debian +2021-12-04T20:03:07.218Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:07.308Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/vaultwarden:v1.23.0@sha256:1e65dd23569e566576c3c80de76f711e0b9fc5e29a39d45f49f0a44d1282d869 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -608,14 +608,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:08.318Z INFO Detected OS: alpine -2021-12-04T20:03:08.318Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:08.324Z INFO Number of language-specific files: 0 +2021-12-04T20:03:08.318Z INFO Detected OS: alpine +2021-12-04T20:03:08.318Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:08.324Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -643,16 +643,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:03:09.114Z INFO Detected OS: debian -2021-12-04T20:03:09.114Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:09.161Z INFO Number of language-specific files: 2 -2021-12-04T20:03:09.161Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:03:09.161Z INFO Detecting jar vulnerabilities... +2021-12-04T20:03:09.114Z INFO Detected OS: debian +2021-12-04T20:03:09.114Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:09.161Z INFO Number of language-specific files: 2 +2021-12-04T20:03:09.161Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:03:09.161Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -847,16 +847,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/whoogle/security.md b/charts/stable/whoogle/security.md index bf0293241fc..a5aef80eff6 100644 --- a/charts/stable/whoogle/security.md +++ b/charts/stable/whoogle/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:02:54.735Z INFO Detected config files: 1 +2021-12-04T20:02:54.735Z INFO Detected config files: 1 #### whoogle/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:57.621Z INFO Detected OS: alpine -2021-12-04T20:02:57.621Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:57.628Z INFO Number of language-specific files: 0 +2021-12-04T20:02:57.621Z INFO Detected OS: alpine +2021-12-04T20:02:57.621Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:57.628Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/whoogle-search:v0.6.0@sha256:3eeb08a974169f6f1abd884d0923a86d594f9d41c881c7558cb1cbe8dfeb454f** -2021-12-04T20:03:02.134Z INFO Detected OS: debian -2021-12-04T20:03:02.134Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:02.167Z INFO Number of language-specific files: 1 -2021-12-04T20:03:02.167Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:03:02.134Z INFO Detected OS: debian +2021-12-04T20:03:02.134Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:02.167Z INFO Number of language-specific files: 1 +2021-12-04T20:03:02.167Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/whoogle-search:v0.6.0@sha256:3eeb08a974169f6f1abd884d0923a86d594f9d41c881c7558cb1cbe8dfeb454f (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -199,8 +199,7 @@ | tor-geoipdb | CVE-2020-8516 | LOW | 0.4.5.10-1~deb11u1 | |
Click to expand!https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html
https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
https://security-tracker.debian.org/tracker/CVE-2020-8516
https://trac.torproject.org/projects/tor/ticket/33129
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Werkzeug | pyup.io-42050 | UNKNOWN | 0.16.0 | 2.0.2 |
Click to expand!
| - diff --git a/charts/stable/wiki/security.md b/charts/stable/wiki/security.md index f18b9faba7b..ac437d701b3 100644 --- a/charts/stable/wiki/security.md +++ b/charts/stable/wiki/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:03:10.131Z INFO Detected config files: 1 +2021-12-04T20:03:10.131Z INFO Detected config files: 1 #### wiki/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:10.955Z INFO Detected OS: alpine -2021-12-04T20:03:10.955Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:10.960Z INFO Number of language-specific files: 0 +2021-12-04T20:03:10.955Z INFO Detected OS: alpine +2021-12-04T20:03:10.955Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:10.960Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/wiki:version-900b76a@sha256:26548fe894831ba1fbd7b68da370583363be3f992bd99e71c8b678c2583df951** -2021-12-04T20:03:28.136Z INFO Detected OS: alpine -2021-12-04T20:03:28.136Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:28.141Z INFO Number of language-specific files: 1 -2021-12-04T20:03:28.141Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T20:03:28.180Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 -2021-12-04T20:03:28.180Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T20:03:28.136Z INFO Detected OS: alpine +2021-12-04T20:03:28.136Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:28.141Z INFO Number of language-specific files: 1 +2021-12-04T20:03:28.141Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:03:28.180Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 +2021-12-04T20:03:28.180Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/wiki:version-900b76a@sha256:26548fe894831ba1fbd7b68da370583363be3f992bd99e71c8b678c2583df951 (alpine 3.11.12) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -102,7 +102,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -133,4 +133,3 @@ | ws | CVE-2021-32640 | MEDIUM | 7.4.5 | 5.2.3, 6.2.2, 7.4.6 |
Click to expand!https://github.com/advisories/GHSA-6fc8-4gx4-v693
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/issues/1895
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-32640
| | xmldom | CVE-2021-21366 | MEDIUM | 0.1.31 | 0.5.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21366
https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
https://github.com/xmldom/xmldom/releases/tag/0.5.0
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
https://nvd.nist.gov/vuln/detail/CVE-2021-21366
https://www.npmjs.com/package/xmldom
| | xmldom | CVE-2021-32796 | MEDIUM | 0.1.31 | |
Click to expand!https://github.com/advisories/GHSA-5fg8-2547-mr8q
https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://mattermost.com/blog/securing-xml-implementations-across-the-web/
https://nvd.nist.gov/vuln/detail/CVE-2021-32796
https://www.npmjs.com/package/@xmldom/xmldom
| - diff --git a/charts/stable/wikijs/security.md b/charts/stable/wikijs/security.md index 17323c60314..6d71237951a 100644 --- a/charts/stable/wikijs/security.md +++ b/charts/stable/wikijs/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T20:03:46.199Z INFO Detected config files: 2 +2021-12-04T20:03:46.199Z INFO Detected config files: 2 #### wikijs/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:47.000Z INFO Detected OS: alpine -2021-12-04T20:03:47.000Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:47.007Z INFO Number of language-specific files: 0 +2021-12-04T20:03:47.000Z INFO Detected OS: alpine +2021-12-04T20:03:47.000Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:47.007Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:03:47.991Z INFO Detected OS: debian -2021-12-04T20:03:47.991Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:48.056Z INFO Number of language-specific files: 2 -2021-12-04T20:03:48.056Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:03:48.056Z INFO Detecting jar vulnerabilities... +2021-12-04T20:03:47.991Z INFO Detected OS: debian +2021-12-04T20:03:47.991Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:48.056Z INFO Number of language-specific files: 2 +2021-12-04T20:03:48.056Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:03:48.056Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/wiki:v2.5@sha256:4241796c343106f89fdc585229993df05c0ae81bdbbfc13a6f6a5be9b23d662e** **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:49.393Z INFO Detected OS: alpine -2021-12-04T20:03:49.393Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:49.402Z INFO Number of language-specific files: 0 +2021-12-04T20:03:49.393Z INFO Detected OS: alpine +2021-12-04T20:03:49.393Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:49.402Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -328,16 +328,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:03:50.207Z INFO Detected OS: debian -2021-12-04T20:03:50.207Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:50.255Z INFO Number of language-specific files: 2 -2021-12-04T20:03:50.255Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:03:50.255Z INFO Detecting jar vulnerabilities... +2021-12-04T20:03:50.207Z INFO Detected OS: debian +2021-12-04T20:03:50.207Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:50.255Z INFO Number of language-specific files: 2 +2021-12-04T20:03:50.255Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:03:50.255Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -532,16 +532,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/charts/stable/xteve/security.md b/charts/stable/xteve/security.md index acac804d5b2..01f672ff93c 100644 --- a/charts/stable/xteve/security.md +++ b/charts/stable/xteve/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:03:50.970Z INFO Detected config files: 1 +2021-12-04T20:03:50.970Z INFO Detected config files: 1 #### xteve/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:51.700Z INFO Detected OS: alpine -2021-12-04T20:03:51.701Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:51.707Z INFO Number of language-specific files: 0 +2021-12-04T20:03:51.700Z INFO Detected OS: alpine +2021-12-04T20:03:51.701Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:51.707Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/xteve:v2.2.0.200@sha256:77a1e4d934da1361c349fc3b9548e4e01b421df078759e5d11b4cc552c50bd7e** -2021-12-04T20:04:05.108Z INFO Detected OS: ubuntu -2021-12-04T20:04:05.108Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T20:04:05.112Z INFO Number of language-specific files: 1 -2021-12-04T20:04:05.112Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:04:05.108Z INFO Detected OS: ubuntu +2021-12-04T20:04:05.108Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T20:04:05.112Z INFO Number of language-specific files: 1 +2021-12-04T20:04:05.112Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/xteve:v2.2.0.200@sha256:77a1e4d934da1361c349fc3b9548e4e01b421df078759e5d11b4cc552c50bd7e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -768,8 +768,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/charts/stable/zigbee2mqtt/security.md b/charts/stable/zigbee2mqtt/security.md index 02dd2280a19..5eb31322fd9 100644 --- a/charts/stable/zigbee2mqtt/security.md +++ b/charts/stable/zigbee2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:04:06.124Z INFO Detected config files: 1 +2021-12-04T20:04:06.124Z INFO Detected config files: 1 #### zigbee2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:04:07.156Z INFO Detected OS: alpine -2021-12-04T20:04:07.156Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:07.166Z INFO Number of language-specific files: 0 +2021-12-04T20:04:07.156Z INFO Detected OS: alpine +2021-12-04T20:04:07.156Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:07.166Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,25 +61,24 @@ **Container: tccr.io/truecharts/zigbee2mqtt:v1.22.1@sha256:ee52cfe959f3e5a05dc4ca4fee50a4d7572522664cf1b275749a4c85da6f4736** -2021-12-04T20:04:13.326Z INFO Detected OS: alpine -2021-12-04T20:04:13.326Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:13.327Z INFO Number of language-specific files: 1 -2021-12-04T20:04:13.327Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:04:13.326Z INFO Detected OS: alpine +2021-12-04T20:04:13.326Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:13.327Z INFO Number of language-specific files: 1 +2021-12-04T20:04:13.327Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/zigbee2mqtt:v1.22.1@sha256:ee52cfe959f3e5a05dc4ca4fee50a4d7572522664cf1b275749a4c85da6f4736 (alpine 3.12.9) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-28831 | HIGH | 1.31.1-r21 | 1.32.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| | ssl_client | CVE-2021-28831 | HIGH | 1.31.1-r21 | 1.32.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| - diff --git a/charts/stable/zwavejs2mqtt/security.md b/charts/stable/zwavejs2mqtt/security.md index 7580582ba8a..db883928594 100644 --- a/charts/stable/zwavejs2mqtt/security.md +++ b/charts/stable/zwavejs2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:04:14.153Z INFO Detected config files: 1 +2021-12-04T20:04:14.153Z INFO Detected config files: 1 #### zwavejs2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:04:15.268Z INFO Detected OS: alpine -2021-12-04T20:04:15.268Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:15.275Z INFO Number of language-specific files: 0 +2021-12-04T20:04:15.268Z INFO Detected OS: alpine +2021-12-04T20:04:15.268Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:15.275Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/zwavejs2mqtt:v6.0.3@sha256:8fdac2ebee3443d0c1e62a3d52e14959e4717b1c33e4a7ed76f0c45b74d09fcd** -2021-12-04T20:04:26.031Z INFO Detected OS: alpine -2021-12-04T20:04:26.031Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:26.033Z INFO Number of language-specific files: 1 -2021-12-04T20:04:26.033Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:04:26.031Z INFO Detected OS: alpine +2021-12-04T20:04:26.031Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:26.033Z INFO Number of language-specific files: 1 +2021-12-04T20:04:26.033Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/zwavejs2mqtt:v6.0.3@sha256:8fdac2ebee3443d0c1e62a3d52e14959e4717b1c33e4a7ed76f0c45b74d09fcd (alpine 3.12.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.6-r0 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -101,7 +101,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @npmcli/arborist | CVE-2021-39134 | HIGH | 2.6.1 | 2.8.2 |
Click to expand!https://github.com/advisories/GHSA-2h3h-q99f-3fhc
https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
https://www.npmjs.com/package/@npmcli/arborist
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -125,4 +125,3 @@ | tar | CVE-2021-37713 | HIGH | 6.1.0 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | trim-newlines | CVE-2021-33623 | HIGH | 1.0.0 | 4.0.1, 3.0.1 |
Click to expand!https://github.com/advisories/GHSA-7p7h-4mm5-852v
https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91
https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33623
https://security.netapp.com/advisory/ntap-20210702-0007/
https://www.npmjs.com/package/trim-newlines
| | trim-off-newlines | CVE-2021-23425 | MEDIUM | 1.0.1 | |
Click to expand!https://github.com/advisories/GHSA-38fc-wpqx-33j7
https://github.com/stevemao/trim-off-newlines/blob/master/index.js%23L6
https://github.com/stevemao/trim-off-newlines/pull/3
https://nvd.nist.gov/vuln/detail/CVE-2021-23425
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567197
https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
| - diff --git a/docs/apps/core/k8s-gateway/security.md b/docs/apps/core/k8s-gateway/security.md index 4b795971f15..4af908e2da4 100644 --- a/docs/apps/core/k8s-gateway/security.md +++ b/docs/apps/core/k8s-gateway/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:15:36.224Z INFO Detected config files: 1 +2021-12-04T19:15:36.224Z INFO Detected config files: 1 #### k8s-gateway/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:15:41.635Z INFO Detected OS: alpine -2021-12-04T19:15:41.635Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:41.643Z INFO Number of language-specific files: 0 +2021-12-04T19:15:41.635Z INFO Detected OS: alpine +2021-12-04T19:15:41.635Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:41.643Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,13 @@ **Container: tccr.io/truecharts/k8s_gateway:v0.1.8@sha256:c71ea11938d6c93b0af6f25230810ec13c7d28b29dfb8512adc6d1def7f200b6** -2021-12-04T19:15:44.065Z INFO Number of language-specific files: 1 -2021-12-04T19:15:44.065Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:15:44.065Z INFO Number of language-specific files: 1 +2021-12-04T19:15:44.065Z INFO Detecting gobinary vulnerabilities... #### coredns - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | go.etcd.io/etcd | CVE-2020-15106 | MEDIUM | v0.5.0-alpha.5.0.20200306183522-221f0cc107cb | v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
| - diff --git a/docs/apps/core/prometheus/security.md b/docs/apps/core/prometheus/security.md index 91bf26a6ae3..e3cdb1e3729 100644 --- a/docs/apps/core/prometheus/security.md +++ b/docs/apps/core/prometheus/security.md @@ -4,114 +4,114 @@ ##### Scan Results -2021-12-04T19:15:54.454Z INFO Detected config files: 15 +2021-12-04T19:15:54.454Z INFO Detected config files: 15 #### prometheus/charts/kube-state-metrics/templates/deployment.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -126,14 +126,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:01.381Z INFO Detected OS: alpine -2021-12-04T19:16:01.381Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:01.387Z INFO Number of language-specific files: 0 +2021-12-04T19:16:01.381Z INFO Detected OS: alpine +2021-12-04T19:16:01.381Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:01.387Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -161,15 +161,15 @@ **Container: tccr.io/truecharts/prometheus-operator:v0.52.1@sha256:4b88f439ad22896e917ab39fb1ea7f0ec115e902e026c0ac27a8bc5a507e0493** -2021-12-04T19:16:13.111Z INFO Detected OS: debian -2021-12-04T19:16:13.111Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:13.144Z INFO Number of language-specific files: 2 -2021-12-04T19:16:13.144Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:13.111Z INFO Detected OS: debian +2021-12-04T19:16:13.111Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:13.144Z INFO Number of language-specific files: 2 +2021-12-04T19:16:13.144Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/prometheus-operator:v0.52.1@sha256:4b88f439ad22896e917ab39fb1ea7f0ec115e902e026c0ac27a8bc5a507e0493 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -318,29 +318,29 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211005150130-f29caccc4255 | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: bitnami/kube-state-metrics:2.2.4-debian-10-r0** -2021-12-04T19:16:18.293Z INFO Detected OS: debian -2021-12-04T19:16:18.293Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:18.331Z INFO Number of language-specific files: 1 -2021-12-04T19:16:18.331Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:18.293Z INFO Detected OS: debian +2021-12-04T19:16:18.293Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:18.331Z INFO Number of language-specific files: 1 +2021-12-04T19:16:18.331Z INFO Detecting gobinary vulnerabilities... #### bitnami/kube-state-metrics:2.2.4-debian-10-r0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -489,23 +489,23 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: bitnami/node-exporter:1.3.0-debian-10-r0** -2021-12-04T19:16:20.765Z INFO Detected OS: debian -2021-12-04T19:16:20.765Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:20.792Z INFO Number of language-specific files: 1 -2021-12-04T19:16:20.792Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:20.765Z INFO Detected OS: debian +2021-12-04T19:16:20.765Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:20.792Z INFO Number of language-specific files: 1 +2021-12-04T19:16:20.792Z INFO Detecting gobinary vulnerabilities... #### bitnami/node-exporter:1.3.0-debian-10-r0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -654,9 +654,6 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/core/traefik/security.md b/docs/apps/core/traefik/security.md index 4871a5fc1b7..c06fb4f3930 100644 --- a/docs/apps/core/traefik/security.md +++ b/docs/apps/core/traefik/security.md @@ -4,32 +4,32 @@ ##### Scan Results -2021-12-04T19:15:33.717Z INFO Need to update the built-in policies -2021-12-04T19:15:33.717Z INFO Downloading the built-in policies... -2021-12-04T19:15:35.556Z INFO Detected config files: 3 +2021-12-04T19:15:33.717Z INFO Need to update the built-in policies +2021-12-04T19:15:33.717Z INFO Downloading the built-in policies... +2021-12-04T19:15:35.556Z INFO Detected config files: 3 #### traefik/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -42,16 +42,16 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:15:36.314Z INFO Need to update DB -2021-12-04T19:15:36.314Z INFO Downloading DB... -2021-12-04T19:15:40.413Z INFO Detected OS: alpine -2021-12-04T19:15:40.413Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:40.422Z INFO Number of language-specific files: 0 +2021-12-04T19:15:36.314Z INFO Need to update DB +2021-12-04T19:15:36.314Z INFO Downloading DB... +2021-12-04T19:15:40.413Z INFO Detected OS: alpine +2021-12-04T19:15:40.413Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:40.422Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -79,22 +79,22 @@ **Container: tccr.io/truecharts/traefik:v2.5.4@sha256:e01f2de2f69fcf1a9ac2d8978455ce9731222c7fb78e3885e3f610eaeba6feee** -2021-12-04T19:15:59.477Z INFO Detected OS: alpine -2021-12-04T19:15:59.477Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:59.477Z INFO Number of language-specific files: 1 -2021-12-04T19:15:59.477Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:15:59.477Z INFO Detected OS: alpine +2021-12-04T19:15:59.477Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:59.477Z INFO Number of language-specific files: 1 +2021-12-04T19:15:59.477Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/traefik:v2.5.4@sha256:e01f2de2f69fcf1a9ac2d8978455ce9731222c7fb78e3885e3f610eaeba6feee (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.3.2 | v1.4.11, v1.5.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
https://ubuntu.com/security/notices/USN-5100-1
https://www.debian.org/security/2021/dsa-5002
| @@ -102,4 +102,3 @@ | github.com/containerd/containerd | CVE-2021-21334 | MEDIUM | v1.3.2 | v1.3.10, v1.4.4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21334
https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
https://github.com/containerd/containerd/releases/tag/v1.3.10
https://github.com/containerd/containerd/releases/tag/v1.4.4
https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/
https://nvd.nist.gov/vuln/detail/CVE-2021-21334
https://security.gentoo.org/glsa/202105-33
https://ubuntu.com/security/notices/USN-4881-1
| | github.com/containerd/containerd | CVE-2021-32760 | MEDIUM | v1.3.2 | v1.4.8, v1.5.4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760
https://github.com/containerd/containerd/releases/tag/v1.4.8
https://github.com/containerd/containerd/releases/tag/v1.5.4
https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
https://linux.oracle.com/cve/CVE-2021-32760.html
https://linux.oracle.com/errata/ELSA-2021-9373.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
https://nvd.nist.gov/vuln/detail/CVE-2021-32760
https://ubuntu.com/security/notices/USN-5012-1
| | github.com/docker/cli | CVE-2021-41092 | HIGH | v0.0.0-20200221155518-740919cc7fc0 | v20.10.9 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092
https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41092
https://ubuntu.com/security/notices/USN-5134-1
| - diff --git a/docs/apps/incubator/anonaddy/security.md b/docs/apps/incubator/anonaddy/security.md index f9c0e918e2c..d3bc0cd17de 100644 --- a/docs/apps/incubator/anonaddy/security.md +++ b/docs/apps/incubator/anonaddy/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:15:41.056Z INFO Detected config files: 2 +2021-12-04T19:15:41.056Z INFO Detected config files: 2 #### anonaddy/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:15:42.300Z INFO Detected OS: alpine -2021-12-04T19:15:42.300Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:42.308Z INFO Number of language-specific files: 0 +2021-12-04T19:15:42.300Z INFO Detected OS: alpine +2021-12-04T19:15:42.300Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:42.308Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,17 +70,17 @@ **Container: tccr.io/truecharts/anonaddy:v0.8.7@sha256:ec36fa40052eed3629b2346fee28cee0c3c7f00903903f846bfc5261802197d6** -2021-12-04T19:15:52.686Z INFO Detected OS: alpine -2021-12-04T19:15:52.686Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:15:52.708Z INFO Number of language-specific files: 3 -2021-12-04T19:15:52.708Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:15:52.709Z INFO Detecting composer vulnerabilities... -2021-12-04T19:15:52.720Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:15:52.686Z INFO Detected OS: alpine +2021-12-04T19:15:52.686Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:15:52.708Z INFO Number of language-specific files: 3 +2021-12-04T19:15:52.708Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:15:52.709Z INFO Detecting composer vulnerabilities... +2021-12-04T19:15:52.720Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/anonaddy:v0.8.7@sha256:ec36fa40052eed3629b2346fee28cee0c3c7f00903903f846bfc5261802197d6 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -141,21 +141,21 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | doctrine/dbal | CVE-2021-43608 | CRITICAL | 3.1.3 | 3.0.99, 3.1.4 |
Click to expand!https://github.com/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
| @@ -163,14 +163,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:00.072Z INFO Detected OS: alpine -2021-12-04T19:16:00.072Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:00.078Z INFO Number of language-specific files: 0 +2021-12-04T19:16:00.072Z INFO Detected OS: alpine +2021-12-04T19:16:00.072Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:00.078Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -198,15 +198,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:16:09.836Z INFO Detected OS: debian -2021-12-04T19:16:09.837Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:09.852Z INFO Number of language-specific files: 2 -2021-12-04T19:16:09.852Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:09.836Z INFO Detected OS: debian +2021-12-04T19:16:09.837Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:09.852Z INFO Number of language-specific files: 2 +2021-12-04T19:16:09.852Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -355,16 +355,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/blog/security.md b/docs/apps/incubator/blog/security.md index 81c3dfd97cf..a14dfa6f1b9 100644 --- a/docs/apps/incubator/blog/security.md +++ b/docs/apps/incubator/blog/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:16:28.296Z INFO Detected config files: 2 +2021-12-04T19:16:28.296Z INFO Detected config files: 2 #### blog/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:29.195Z INFO Detected OS: alpine -2021-12-04T19:16:29.195Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:29.203Z INFO Number of language-specific files: 0 +2021-12-04T19:16:29.195Z INFO Detected OS: alpine +2021-12-04T19:16:29.195Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:29.203Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:16:36.250Z INFO Detected OS: debian -2021-12-04T19:16:36.253Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:36.324Z INFO Number of language-specific files: 2 -2021-12-04T19:16:36.324Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:16:36.324Z INFO Detecting jar vulnerabilities... +2021-12-04T19:16:36.250Z INFO Detected OS: debian +2021-12-04T19:16:36.253Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:36.324Z INFO Number of language-specific files: 2 +2021-12-04T19:16:36.324Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:36.324Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,29 +275,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/blog:latest@sha256:22871bf5fcf28e31ca4389e7fff6c44978f4eed9c106fba6e862fe165e649cb0** -2021-12-04T19:16:49.078Z INFO Detected OS: debian -2021-12-04T19:16:49.078Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:49.239Z INFO Number of language-specific files: 0 +2021-12-04T19:16:49.078Z INFO Detected OS: debian +2021-12-04T19:16:49.078Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:49.239Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/blog:latest@sha256:22871bf5fcf28e31ca4389e7fff6c44978f4eed9c106fba6e862fe165e649cb0 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -647,14 +647,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:50.219Z INFO Detected OS: alpine -2021-12-04T19:16:50.219Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:50.228Z INFO Number of language-specific files: 0 +2021-12-04T19:16:50.219Z INFO Detected OS: alpine +2021-12-04T19:16:50.219Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:50.228Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -682,16 +682,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:16:51.035Z INFO Detected OS: debian -2021-12-04T19:16:51.035Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:16:51.096Z INFO Number of language-specific files: 2 -2021-12-04T19:16:51.098Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:16:51.098Z INFO Detecting jar vulnerabilities... +2021-12-04T19:16:51.035Z INFO Detected OS: debian +2021-12-04T19:16:51.035Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:16:51.096Z INFO Number of language-specific files: 2 +2021-12-04T19:16:51.098Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:16:51.098Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -886,16 +886,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/bookstack/security.md b/docs/apps/incubator/bookstack/security.md index 649be5fb551..0c7b6a59287 100644 --- a/docs/apps/incubator/bookstack/security.md +++ b/docs/apps/incubator/bookstack/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:16:54.657Z INFO Detected config files: 2 +2021-12-04T19:16:54.657Z INFO Detected config files: 2 #### bookstack/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:16:56.078Z INFO Detected OS: alpine -2021-12-04T19:16:56.078Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:16:56.092Z INFO Number of language-specific files: 0 +2021-12-04T19:16:56.078Z INFO Detected OS: alpine +2021-12-04T19:16:56.078Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:16:56.092Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,27 +70,27 @@ **Container: tccr.io/truecharts/bookstack:v21.11.20211118@sha256:f56ca2e8e3a74e5753700e5835c017264a1ca9b1a9a6740d25a50a003815149e** -2021-12-04T19:17:09.970Z INFO Number of language-specific files: 1 -2021-12-04T19:17:09.971Z INFO Detecting composer vulnerabilities... +2021-12-04T19:17:09.970Z INFO Number of language-specific files: 1 +2021-12-04T19:17:09.971Z INFO Detecting composer vulnerabilities... #### var/www-tmp/html/composer.lock - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/http-kernel | CVE-2021-41267 | MEDIUM | v5.3.10 | 5.3.0, 5.3.12 |
Click to expand!https://github.com/advisories/GHSA-q3j3-w37x-hq2q
https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
https://github.com/symfony/symfony/pull/44243
https://github.com/symfony/symfony/releases/tag/v5.3.12
https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
https://nvd.nist.gov/vuln/detail/CVE-2021-41267
https://symfony.com/cve-2021-41267
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:10.757Z INFO Detected OS: alpine -2021-12-04T19:17:10.757Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:10.770Z INFO Number of language-specific files: 0 +2021-12-04T19:17:10.757Z INFO Detected OS: alpine +2021-12-04T19:17:10.757Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:10.770Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -118,15 +118,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:17:11.844Z INFO Detected OS: debian -2021-12-04T19:17:11.845Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:11.871Z INFO Number of language-specific files: 2 -2021-12-04T19:17:11.871Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:11.844Z INFO Detected OS: debian +2021-12-04T19:17:11.845Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:11.871Z INFO Number of language-specific files: 2 +2021-12-04T19:17:11.871Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,16 +275,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/clarkson/security.md b/docs/apps/incubator/clarkson/security.md index 685cac4f3ca..b87127ed22b 100644 --- a/docs/apps/incubator/clarkson/security.md +++ b/docs/apps/incubator/clarkson/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:17:12.879Z INFO Detected config files: 2 +2021-12-04T19:17:12.879Z INFO Detected config files: 2 #### clarkson/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:13.756Z INFO Detected OS: alpine -2021-12-04T19:17:13.756Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:13.764Z INFO Number of language-specific files: 0 +2021-12-04T19:17:13.756Z INFO Detected OS: alpine +2021-12-04T19:17:13.756Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:13.764Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,25 +70,25 @@ **Container: tccr.io/truecharts/clarkson:v1.1.2@sha256:e54364ee0c78fbfec7e8e220ff1cf7cb49086b3b76c0577e36d6d894b7f20c0d** -2021-12-04T19:17:25.068Z INFO Number of language-specific files: 2 -2021-12-04T19:17:25.068Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T19:17:25.069Z INFO Detecting jar vulnerabilities... -2021-12-04T19:17:25.070Z WARN maven constraint error ([10.5-alpha0,10.5.3.0_1]): failed to new comparer: 2 errors occurred: - * improper constraint: [10.5-alpha0,10.5.3.0_1] - * improper requirements: [] +2021-12-04T19:17:25.068Z INFO Number of language-specific files: 2 +2021-12-04T19:17:25.068Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:17:25.069Z INFO Detecting jar vulnerabilities... +2021-12-04T19:17:25.070Z WARN maven constraint error ([10.5-alpha0,10.5.3.0_1]): failed to new comparer: 2 errors occurred: + * improper constraint: [10.5-alpha0,10.5.3.0_1] + * improper requirements: [] #### Java - + **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | org.apache.derby:derby | CVE-2018-1313 | MEDIUM | 10.12.1.1 | 10.14.2.0 |
Click to expand!http://www.securityfocus.com/bid/104140
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r437d94437e6aef31af689b1e7025d024d676fd1ea9901d74e3e9ae48@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6755f48d4f5e44e39bba7dbf8d746678239d7f1f2cc108125519ce53@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/re29ab90978e6c997377fb975f674f7514f6beb642bbf79deb45477e5@%3Cdev.hive.apache.org%3E
https://markmail.org/message/akkappppxcdqrgxk
https://nvd.nist.gov/vuln/detail/CVE-2018-1313
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | express-jwt | CVE-2020-15084 | CRITICAL | 5.3.3 | 6.0.0 |
Click to expand!https://github.com/advisories/GHSA-6g6m-m6h5-w9gf
https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef
https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf
https://nvd.nist.gov/vuln/detail/CVE-2020-15084
| @@ -96,14 +96,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:26.089Z INFO Detected OS: alpine -2021-12-04T19:17:26.089Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:26.095Z INFO Number of language-specific files: 0 +2021-12-04T19:17:26.089Z INFO Detected OS: alpine +2021-12-04T19:17:26.089Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:26.095Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -131,15 +131,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:17:27.031Z INFO Detected OS: debian -2021-12-04T19:17:27.031Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:27.065Z INFO Number of language-specific files: 2 -2021-12-04T19:17:27.065Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:27.031Z INFO Detected OS: debian +2021-12-04T19:17:27.031Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:27.065Z INFO Number of language-specific files: 2 +2021-12-04T19:17:27.065Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -288,16 +288,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/friendica/security.md b/docs/apps/incubator/friendica/security.md index e4f19aae12c..3a647a57ff1 100644 --- a/docs/apps/incubator/friendica/security.md +++ b/docs/apps/incubator/friendica/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:17:38.802Z INFO Detected config files: 2 +2021-12-04T19:17:38.802Z INFO Detected config files: 2 #### friendica/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:39.584Z INFO Detected OS: alpine -2021-12-04T19:17:39.584Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:39.591Z INFO Number of language-specific files: 0 +2021-12-04T19:17:39.584Z INFO Detected OS: alpine +2021-12-04T19:17:39.584Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:39.591Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,17 +70,17 @@ **Container: tccr.io/truecharts/friendica:v2021.09@sha256:593f97fbe798f2b73e5129717dd178318b2448942de540e49ba9649bac1ef4c3** -2021-12-04T19:17:55.180Z INFO Detected OS: debian -2021-12-04T19:17:55.180Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:55.302Z INFO Number of language-specific files: 8 -2021-12-04T19:17:55.302Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:17:55.302Z INFO Detecting composer vulnerabilities... -2021-12-04T19:17:55.303Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:17:55.180Z INFO Detected OS: debian +2021-12-04T19:17:55.180Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:55.302Z INFO Number of language-specific files: 8 +2021-12-04T19:17:55.302Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:55.302Z INFO Detecting composer vulnerabilities... +2021-12-04T19:17:55.303Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/friendica:v2021.09@sha256:593f97fbe798f2b73e5129717dd178318b2448942de540e49ba9649bac1ef4c3 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-33193 | HIGH | 2.4.38-3+deb10u6 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/
https://portswigger.net/research/http2
https://security.netapp.com/advisory/ntap-20210917-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://www.tenable.com/security/tns-2021-17
| @@ -933,7 +933,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | dompurify | GHSA-mjjq-c88q-qhr6 | CRITICAL | 1.0.11 | 2.0.7 |
Click to expand!https://github.com/advisories/GHSA-mjjq-c88q-qhr6
https://github.com/cure53/DOMPurify/releases/tag/2.0.7
https://www.npmjs.com/advisories/1223
| @@ -947,63 +947,63 @@ | jquery | CVE-2020-11023 | MEDIUM | 2.2.4 | 3.5.0 |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/jquery/jquery/releases/tag/3.5.0
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
https://jquery.com/upgrade-guide/3.5/
https://linux.oracle.com/cve/CVE-2020-11023.html
https://linux.oracle.com/errata/ELSA-2021-9552.html
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | phpseclib/phpseclib | CVE-2021-30130 | HIGH | 2.0.4 | 2.0.31, 3.0.7 |
Click to expand!https://github.com/advisories/GHSA-vf4w-fg7r-5v94
https://github.com/phpseclib/phpseclib/pull/1635
https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
https://nvd.nist.gov/vuln/detail/CVE-2021-30130
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:57.345Z INFO Detected OS: alpine -2021-12-04T19:17:57.345Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:57.364Z INFO Number of language-specific files: 0 +2021-12-04T19:17:57.345Z INFO Detected OS: alpine +2021-12-04T19:17:57.345Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:57.364Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1031,15 +1031,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:17:58.841Z INFO Detected OS: debian -2021-12-04T19:17:58.841Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:17:58.872Z INFO Number of language-specific files: 2 -2021-12-04T19:17:58.872Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:17:58.841Z INFO Detected OS: debian +2021-12-04T19:17:58.841Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:17:58.872Z INFO Number of language-specific files: 2 +2021-12-04T19:17:58.872Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1188,16 +1188,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/icinga2/security.md b/docs/apps/incubator/icinga2/security.md index 10d19a70c41..47711f05d5b 100644 --- a/docs/apps/incubator/icinga2/security.md +++ b/docs/apps/incubator/icinga2/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:17:56.736Z INFO Detected config files: 2 +2021-12-04T19:17:56.736Z INFO Detected config files: 2 #### icinga2/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:17:57.980Z INFO Detected OS: alpine -2021-12-04T19:17:57.980Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:17:57.984Z INFO Number of language-specific files: 0 +2021-12-04T19:17:57.980Z INFO Detected OS: alpine +2021-12-04T19:17:57.980Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:17:57.984Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/icinga2:v2.13.1@sha256:64116a1e267397888bcd6dd62b428322c81bf925f955867ada5207657a9d79db** -2021-12-04T19:18:19.214Z INFO Detected OS: debian -2021-12-04T19:18:19.214Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:19.392Z INFO Number of language-specific files: 4 -2021-12-04T19:18:19.392Z INFO Detecting composer vulnerabilities... +2021-12-04T19:18:19.214Z INFO Detected OS: debian +2021-12-04T19:18:19.214Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:19.392Z INFO Number of language-specific files: 4 +2021-12-04T19:18:19.392Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/icinga2:v2.13.1@sha256:64116a1e267397888bcd6dd62b428322c81bf925f955867ada5207657a9d79db (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-33193 | HIGH | 2.4.38-3+deb10u6 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/
https://portswigger.net/research/http2
https://security.netapp.com/advisory/ntap-20210917-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://www.tenable.com/security/tns-2021-17
| @@ -1292,43 +1292,43 @@ | zip | CVE-2018-13410 | LOW | 3.0-11 | |
Click to expand!http://seclists.org/fulldisclosure/2018/Jul/24
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:21.541Z INFO Detected OS: alpine -2021-12-04T19:18:21.541Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:21.549Z INFO Number of language-specific files: 0 +2021-12-04T19:18:21.541Z INFO Detected OS: alpine +2021-12-04T19:18:21.541Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:21.549Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1356,15 +1356,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:18:23.159Z INFO Detected OS: debian -2021-12-04T19:18:23.159Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:23.189Z INFO Number of language-specific files: 2 -2021-12-04T19:18:23.189Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:18:23.159Z INFO Detected OS: debian +2021-12-04T19:18:23.159Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:23.189Z INFO Number of language-specific files: 2 +2021-12-04T19:18:23.189Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1513,16 +1513,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/leantime/security.md b/docs/apps/incubator/leantime/security.md index 39de497bdc7..f677d57a085 100644 --- a/docs/apps/incubator/leantime/security.md +++ b/docs/apps/incubator/leantime/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:18:20.929Z INFO Detected config files: 2 +2021-12-04T19:18:20.929Z INFO Detected config files: 2 #### leantime/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:22.159Z INFO Detected OS: alpine -2021-12-04T19:18:22.159Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:22.166Z INFO Number of language-specific files: 0 +2021-12-04T19:18:22.159Z INFO Detected OS: alpine +2021-12-04T19:18:22.159Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:22.166Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,14 +70,14 @@ **Container: tccr.io/truecharts/leantime:v2.1.7-ls6@sha256:09f51955b47e8bf7cf8c95b7fa4e023ce2fae4aa15ef42db1568b4c23830b5a6** -2021-12-04T19:18:32.296Z INFO Detected OS: alpine -2021-12-04T19:18:32.296Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:32.310Z INFO Number of language-specific files: 0 +2021-12-04T19:18:32.296Z INFO Detected OS: alpine +2021-12-04T19:18:32.296Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:32.310Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/leantime:v2.1.7-ls6@sha256:09f51955b47e8bf7cf8c95b7fa4e023ce2fae4aa15ef42db1568b4c23830b5a6 (alpine 3.12.3) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-26691 | CRITICAL | 2.4.46-r1 | 2.4.48-r0 |
Click to expand!http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
https://linux.oracle.com/cve/CVE-2021-26691.html
https://linux.oracle.com/errata/ELSA-2021-3816.html
https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -222,14 +222,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:36.295Z INFO Detected OS: alpine -2021-12-04T19:18:36.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:36.299Z INFO Number of language-specific files: 0 +2021-12-04T19:18:36.295Z INFO Detected OS: alpine +2021-12-04T19:18:36.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:36.299Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -257,15 +257,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:18:37.613Z INFO Detected OS: debian -2021-12-04T19:18:37.613Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:37.665Z INFO Number of language-specific files: 2 -2021-12-04T19:18:37.665Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:18:37.613Z INFO Detected OS: debian +2021-12-04T19:18:37.613Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:37.665Z INFO Number of language-specific files: 2 +2021-12-04T19:18:37.665Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -414,16 +414,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/monica/security.md b/docs/apps/incubator/monica/security.md index 81e34444191..2538687b11b 100644 --- a/docs/apps/incubator/monica/security.md +++ b/docs/apps/incubator/monica/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:18:33.269Z INFO Detected config files: 2 +2021-12-04T19:18:33.269Z INFO Detected config files: 2 #### monica/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:36.976Z INFO Detected OS: alpine -2021-12-04T19:18:36.976Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:36.981Z INFO Number of language-specific files: 0 +2021-12-04T19:18:36.976Z INFO Detected OS: alpine +2021-12-04T19:18:36.976Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:36.981Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/monica:v3.5.0@sha256:5f4af565ef3b381c31abc8415d701b7b0019e9986b026cc2dfb263130f5e4214** -2021-12-04T19:18:44.138Z INFO Detected OS: debian -2021-12-04T19:18:44.138Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:44.235Z INFO Number of language-specific files: 1 -2021-12-04T19:18:44.235Z INFO Detecting composer vulnerabilities... +2021-12-04T19:18:44.138Z INFO Detected OS: debian +2021-12-04T19:18:44.138Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:44.235Z INFO Number of language-specific files: 1 +2021-12-04T19:18:44.235Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/monica:v3.5.0@sha256:5f4af565ef3b381c31abc8415d701b7b0019e9986b026cc2dfb263130f5e4214 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -432,7 +432,7 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | doctrine/dbal | CVE-2021-43608 | CRITICAL | 3.1.3 | 3.0.99, 3.1.4 |
Click to expand!https://github.com/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
| @@ -440,14 +440,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:50.823Z INFO Detected OS: alpine -2021-12-04T19:18:50.823Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:50.832Z INFO Number of language-specific files: 0 +2021-12-04T19:18:50.823Z INFO Detected OS: alpine +2021-12-04T19:18:50.823Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:50.832Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -475,15 +475,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:18:52.889Z INFO Detected OS: debian -2021-12-04T19:18:52.889Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:18:52.938Z INFO Number of language-specific files: 2 -2021-12-04T19:18:52.938Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:18:52.889Z INFO Detected OS: debian +2021-12-04T19:18:52.889Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:18:52.938Z INFO Number of language-specific files: 2 +2021-12-04T19:18:52.938Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -632,16 +632,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/omada-controller/security.md b/docs/apps/incubator/omada-controller/security.md index 9216b5b4038..1c049ab00b5 100644 --- a/docs/apps/incubator/omada-controller/security.md +++ b/docs/apps/incubator/omada-controller/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:18:45.293Z INFO Detected config files: 1 +2021-12-04T19:18:45.293Z INFO Detected config files: 1 #### omada-controller/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:18:51.444Z INFO Detected OS: alpine -2021-12-04T19:18:51.444Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:18:51.452Z INFO Number of language-specific files: 0 +2021-12-04T19:18:51.444Z INFO Detected OS: alpine +2021-12-04T19:18:51.444Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:18:51.452Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/omada-controller:v4.4@sha256:7c06f9deb40f1fea1968eedf6da8b49192b89d0c4bcaa11f040d95c127141fb3** -2021-12-04T19:19:08.047Z INFO Detected OS: ubuntu -2021-12-04T19:19:08.047Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:19:08.054Z INFO Number of language-specific files: 1 -2021-12-04T19:19:08.054Z INFO Detecting jar vulnerabilities... +2021-12-04T19:19:08.047Z INFO Detected OS: ubuntu +2021-12-04T19:19:08.047Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:19:08.054Z INFO Number of language-specific files: 1 +2021-12-04T19:19:08.054Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/omada-controller:v4.4@sha256:7c06f9deb40f1fea1968eedf6da8b49192b89d0c4bcaa11f040d95c127141fb3 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -177,7 +177,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14379 | CRITICAL | 2.9.8 | 2.7.9.6, 2.8.11.4, 2.9.9.2 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:2824
https://access.redhat.com/errata/RHSA-2019:2743
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:2935
https://access.redhat.com/errata/RHSA-2019:2936
https://access.redhat.com/errata/RHSA-2019:2937
https://access.redhat.com/errata/RHSA-2019:2938
https://access.redhat.com/errata/RHSA-2019:2998
https://access.redhat.com/errata/RHSA-2019:3044
https://access.redhat.com/errata/RHSA-2019:3045
https://access.redhat.com/errata/RHSA-2019:3046
https://access.redhat.com/errata/RHSA-2019:3050
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3200
https://access.redhat.com/errata/RHSA-2019:3292
https://access.redhat.com/errata/RHSA-2019:3297
https://access.redhat.com/errata/RHSA-2019:3901
https://access.redhat.com/errata/RHSA-2020:0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
https://github.com/FasterXML/jackson-databind/issues/2387
https://github.com/advisories/GHSA-6fpp-rgj9-8rwc
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E
https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
https://nvd.nist.gov/vuln/detail/CVE-2019-14379
https://security.netapp.com/advisory/ntap-20190814-0001/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| @@ -271,4 +271,3 @@ | org.eclipse.jetty:jetty-webapp | CVE-2020-27218 | MEDIUM | 9.4.15.v20190215 | 9.4.35.v20201120, 11.0.1 |
Click to expand!https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
https://github.com/advisories/GHSA-86wm-rrjm-8wh8
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1@%3Cdev.hbase.apache.org%3E
https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25@%3Ccommits.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944@%3Ccommits.kafka.apache.org%3E
https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb@%3Ccommits.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88@%3Cdev.hbase.apache.org%3E
https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958@%3Ccommits.hbase.apache.org%3E
https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa@%3Creviews.spark.apache.org%3E
https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1@%3Cnotifications.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-27218
https://security.netapp.com/advisory/ntap-20201218-0003/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.hibernate:hibernate-validator | CVE-2020-10693 | MEDIUM | 5.4.3.Final | 6.0.20.Final, 6.1.5.Final, 7.0.0.CR1 |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693
https://github.com/advisories/GHSA-rmrm-75hp-phr2
https://nvd.nist.gov/vuln/detail/CVE-2020-10693
https://www.ibm.com/support/pages/node/6348216
| | org.springframework:spring-webmvc | CVE-2020-5398 | HIGH | 5.1.6.RELEASE | 5.0.16, 5.1.13, 5.2.3 |
Click to expand!https://github.com/advisories/GHSA-8wx2-9q48-vm9r
https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048@%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3Ccommits.camel.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-5398
https://pivotal.io/security/cve-2020-5398
https://security.netapp.com/advisory/ntap-20210917-0006/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/incubator/piwigo/security.md b/docs/apps/incubator/piwigo/security.md index 19eab0c4624..892d20d8471 100644 --- a/docs/apps/incubator/piwigo/security.md +++ b/docs/apps/incubator/piwigo/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:19:08.996Z INFO Detected config files: 1 +2021-12-04T19:19:08.996Z INFO Detected config files: 1 #### piwigo/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:13.749Z INFO Detected OS: alpine -2021-12-04T19:19:13.749Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:13.756Z INFO Number of language-specific files: 0 +2021-12-04T19:19:13.749Z INFO Detected OS: alpine +2021-12-04T19:19:13.749Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:13.756Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/piwigo:version-11.5.0@sha256:8f8bb5d28b930edfded154d71dd2eab4ffe5631d2e4f21773bf33b220ab76f05** -2021-12-04T19:19:24.622Z INFO Number of language-specific files: 0 +2021-12-04T19:19:24.622Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/incubator/snipe-it/security.md b/docs/apps/incubator/snipe-it/security.md index 13cd50b4b3d..ddff880b3b2 100644 --- a/docs/apps/incubator/snipe-it/security.md +++ b/docs/apps/incubator/snipe-it/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:19:30.498Z INFO Detected config files: 2 +2021-12-04T19:19:30.498Z INFO Detected config files: 2 #### snipe-it/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:31.343Z INFO Detected OS: alpine -2021-12-04T19:19:31.343Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:31.351Z INFO Number of language-specific files: 0 +2021-12-04T19:19:31.343Z INFO Detected OS: alpine +2021-12-04T19:19:31.343Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:31.351Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,27 +70,27 @@ **Container: tccr.io/truecharts/snipe-it:v5.3.3@sha256:e4e26d777996c34fba581dcb26f05843ece36797f032a01df7fed1f1e32898cb** -2021-12-04T19:19:37.435Z INFO Number of language-specific files: 1 -2021-12-04T19:19:37.435Z INFO Detecting composer vulnerabilities... +2021-12-04T19:19:37.435Z INFO Number of language-specific files: 1 +2021-12-04T19:19:37.435Z INFO Detecting composer vulnerabilities... #### var/www/html/composer.lock - + **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | lcobucci/jwt | CVE-2021-41106 | LOW | 3.4.5 | 3.4.6, 4.0.4, 4.1.5 |
Click to expand!https://github.com/advisories/GHSA-7322-jrq4-x5hf
https://github.com/lcobucci/jwt/commit/8175de5b841fbe3fd97d2d49b3fc15c4ecb39a73
https://github.com/lcobucci/jwt/commit/c45bb8b961a8e742d8f6b88ef5ff1bd5cca5d01c
https://github.com/lcobucci/jwt/security/advisories/GHSA-7322-jrq4-x5hf
https://nvd.nist.gov/vuln/detail/CVE-2021-41106
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:38.343Z INFO Detected OS: alpine -2021-12-04T19:19:38.344Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:38.349Z INFO Number of language-specific files: 0 +2021-12-04T19:19:38.343Z INFO Detected OS: alpine +2021-12-04T19:19:38.344Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:38.349Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -118,15 +118,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:19:39.171Z INFO Detected OS: debian -2021-12-04T19:19:39.171Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:19:39.212Z INFO Number of language-specific files: 2 -2021-12-04T19:19:39.212Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:19:39.171Z INFO Detected OS: debian +2021-12-04T19:19:39.171Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:19:39.212Z INFO Number of language-specific files: 2 +2021-12-04T19:19:39.212Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,16 +275,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/incubator/tdarr-node/security.md b/docs/apps/incubator/tdarr-node/security.md index 5df0e39e854..8fa2b148477 100644 --- a/docs/apps/incubator/tdarr-node/security.md +++ b/docs/apps/incubator/tdarr-node/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:19:43.512Z INFO Detected config files: 1 +2021-12-04T19:19:43.512Z INFO Detected config files: 1 #### tdarr-node/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:19:44.568Z INFO Detected OS: alpine -2021-12-04T19:19:44.568Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:19:44.580Z INFO Number of language-specific files: 0 +2021-12-04T19:19:44.568Z INFO Detected OS: alpine +2021-12-04T19:19:44.568Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:19:44.580Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/tdarr_node:v2.00.11@sha256:f4ff41e5a09ea97bb468bb584e44c0f7d869a989404aa6a7618db1e040ccb31e** -2021-12-04T19:20:12.452Z INFO Detected OS: ubuntu -2021-12-04T19:20:12.452Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:20:12.463Z INFO Number of language-specific files: 0 +2021-12-04T19:20:12.452Z INFO Detected OS: ubuntu +2021-12-04T19:20:12.452Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:20:12.463Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/tdarr_node:v2.00.11@sha256:f4ff41e5a09ea97bb468bb584e44c0f7d869a989404aa6a7618db1e040ccb31e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -314,4 +314,3 @@ | systemd-timesyncd | CVE-2020-13529 | LOW | 245.4-4ubuntu3.3 | 245.4-4ubuntu3.10 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| | tar | CVE-2019-9923 | LOW | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| - diff --git a/docs/apps/incubator/tdarr/security.md b/docs/apps/incubator/tdarr/security.md index 7ca62d46ae9..17951e7746a 100644 --- a/docs/apps/incubator/tdarr/security.md +++ b/docs/apps/incubator/tdarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:20:13.433Z INFO Detected config files: 1 +2021-12-04T19:20:13.433Z INFO Detected config files: 1 #### tdarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:14.420Z INFO Detected OS: alpine -2021-12-04T19:20:14.420Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:14.428Z INFO Number of language-specific files: 0 +2021-12-04T19:20:14.420Z INFO Detected OS: alpine +2021-12-04T19:20:14.420Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:14.428Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/tdarr:v2.00.11@sha256:6fdd803b7a48519691ae1b18bf0700cf287fd8773557a0d6d0d16c782528ae18** -2021-12-04T19:20:31.295Z INFO Detected OS: ubuntu -2021-12-04T19:20:31.295Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:20:31.299Z INFO Number of language-specific files: 0 +2021-12-04T19:20:31.295Z INFO Detected OS: ubuntu +2021-12-04T19:20:31.295Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:20:31.299Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/tdarr:v2.00.11@sha256:6fdd803b7a48519691ae1b18bf0700cf287fd8773557a0d6d0d16c782528ae18 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -314,4 +314,3 @@ | systemd-timesyncd | CVE-2020-13529 | LOW | 245.4-4ubuntu3.3 | 245.4-4ubuntu3.10 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| | tar | CVE-2019-9923 | LOW | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| - diff --git a/docs/apps/incubator/xbackbone/security.md b/docs/apps/incubator/xbackbone/security.md index e14aba3f726..8536ea2e0f9 100644 --- a/docs/apps/incubator/xbackbone/security.md +++ b/docs/apps/incubator/xbackbone/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:20:32.170Z INFO Detected config files: 2 +2021-12-04T19:20:32.170Z INFO Detected config files: 2 #### xbackbone/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:33.875Z INFO Detected OS: alpine -2021-12-04T19:20:33.875Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:33.882Z INFO Number of language-specific files: 0 +2021-12-04T19:20:33.875Z INFO Detected OS: alpine +2021-12-04T19:20:33.875Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:33.882Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,17 +70,17 @@ **Container: tccr.io/truecharts/xbackbone:v3.3.3@sha256:c22e8806732b5a63a9761d413f4dd3a39af9427a12818e8ff769094ebc141c99** -2021-12-04T19:20:43.175Z INFO Detected OS: alpine -2021-12-04T19:20:43.175Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:43.239Z INFO Number of language-specific files: 1 -2021-12-04T19:20:43.239Z INFO Detecting composer vulnerabilities... -2021-12-04T19:20:43.240Z WARN This OS version is no longer supported by the distribution: alpine 3.9.5 -2021-12-04T19:20:43.240Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:20:43.175Z INFO Detected OS: alpine +2021-12-04T19:20:43.175Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:43.239Z INFO Number of language-specific files: 1 +2021-12-04T19:20:43.239Z INFO Detecting composer vulnerabilities... +2021-12-04T19:20:43.240Z WARN This OS version is no longer supported by the distribution: alpine 3.9.5 +2021-12-04T19:20:43.240Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/xbackbone:v3.3.3@sha256:c22e8806732b5a63a9761d413f4dd3a39af9427a12818e8ff769094ebc141c99 (alpine 3.9.5) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | cups-libs | CVE-2020-3898 | HIGH | 2.2.12-r0 | 2.2.12-r1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898
https://linux.oracle.com/cve/CVE-2020-3898.html
https://linux.oracle.com/errata/ELSA-2020-4469.html
https://support.apple.com/en-us/HT211100
https://support.apple.com/kb/HT211100
https://ubuntu.com/security/notices/USN-4340-1
| @@ -442,21 +442,21 @@ | sqlite-libs | CVE-2020-11655 | HIGH | 3.28.0-r2 | 3.28.0-r3 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655
https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
https://security.gentoo.org/glsa/202007-26
https://security.netapp.com/advisory/ntap-20200416-0001/
https://ubuntu.com/security/notices/USN-4394-1
https://usn.ubuntu.com/4394-1/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | league/flysystem | CVE-2021-32708 | HIGH | 1.0.70 | 1.1.4, 2.1.1 |
Click to expand!https://github.com/advisories/GHSA-9f46-5r25-5wfm
https://github.com/thephpleague/flysystem/commit/a3c694de9f7e844b76f9d1b61296ebf6e8d89d74
https://github.com/thephpleague/flysystem/commit/f3ad69181b8afed2c9edf7be5a2918144ff4ea32
https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ/
https://nvd.nist.gov/vuln/detail/CVE-2021-32708
https://packagist.org/packages/league/flysystem
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:59.051Z INFO Detected OS: alpine -2021-12-04T19:20:59.051Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:59.069Z INFO Number of language-specific files: 0 +2021-12-04T19:20:59.051Z INFO Detected OS: alpine +2021-12-04T19:20:59.051Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:59.069Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -484,15 +484,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:21:00.409Z INFO Detected OS: debian -2021-12-04T19:21:00.409Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:21:00.448Z INFO Number of language-specific files: 2 -2021-12-04T19:21:00.448Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:21:00.409Z INFO Detected OS: debian +2021-12-04T19:21:00.409Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:21:00.448Z INFO Number of language-specific files: 2 +2021-12-04T19:21:00.448Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -641,16 +641,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/airsonic/security.md b/docs/apps/stable/airsonic/security.md index b6b020ba61f..1c5d5e45c19 100644 --- a/docs/apps/stable/airsonic/security.md +++ b/docs/apps/stable/airsonic/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:20:32.747Z INFO Detected config files: 1 +2021-12-04T19:20:32.747Z INFO Detected config files: 1 #### airsonic/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:35.271Z INFO Detected OS: alpine -2021-12-04T19:20:35.271Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:35.275Z INFO Number of language-specific files: 0 +2021-12-04T19:20:35.271Z INFO Detected OS: alpine +2021-12-04T19:20:35.271Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:35.275Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/airsonic:version-v10.6.2@sha256:f0065aa44fb1c38b7fc30d34e220138dc0a0c6477b78eb7f59015622c2052030** -2021-12-04T19:20:57.872Z INFO Detected OS: ubuntu -2021-12-04T19:20:57.872Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:20:57.882Z INFO Number of language-specific files: 1 -2021-12-04T19:20:57.882Z INFO Detecting jar vulnerabilities... +2021-12-04T19:20:57.872Z INFO Detected OS: ubuntu +2021-12-04T19:20:57.872Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:20:57.882Z INFO Number of language-specific files: 1 +2021-12-04T19:20:57.882Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/airsonic:version-v10.6.2@sha256:f0065aa44fb1c38b7fc30d34e220138dc0a0c6477b78eb7f59015622c2052030 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -675,7 +675,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ch.qos.logback:logback-classic | CVE-2017-5929 | CRITICAL | 1.1.11 | 1.2.0 |
Click to expand!http://www.cvedetails.com/cve/CVE-2017-5929/
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2018:2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
https://logback.qos.ch/news.html
https://nvd.nist.gov/vuln/detail/CVE-2017-5929
| @@ -703,4 +703,3 @@ | org.springframework.security:spring-security-core | CVE-2020-5408 | MEDIUM | 4.2.13.RELEASE | 4.2.16.RELEASE, 5.0.16.RELEASE, 5.1.10.RELEASE, 5.2.4.RELEASE, 5.3.2.RELEASE |
Click to expand!https://github.com/advisories/GHSA-2ppp-9496-p23q
https://nvd.nist.gov/vuln/detail/CVE-2020-5408
https://tanzu.vmware.com/security/cve-2020-5408
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| | org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 4.2.13.RELEASE | 5.3.8, 5.4.4, 5.2.9 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/7
https://github.com/advisories/GHSA-gq28-h5vg-8prx
https://github.com/spring-projects/spring-security/releases/tag/5.4.4
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
https://tanzu.vmware.com/security/cve-2021-22112
https://www.jenkins.io/security/advisory/2021-02-19/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.17 | 1.26 |
Click to expand!https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack
https://bitbucket.org/asomov/snakeyaml/wiki/Changes
https://github.com/advisories/GHSA-rvwf-54qp-4r6v
https://linux.oracle.com/cve/CVE-2017-18640.html
https://linux.oracle.com/errata/ELSA-2020-4807.html
https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/docs/apps/stable/amcrest2mqtt/security.md b/docs/apps/stable/amcrest2mqtt/security.md index 3b8a4bc61b0..080e87e449a 100644 --- a/docs/apps/stable/amcrest2mqtt/security.md +++ b/docs/apps/stable/amcrest2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:20:58.430Z INFO Detected config files: 1 +2021-12-04T19:20:58.430Z INFO Detected config files: 1 #### amcrest2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:20:59.709Z INFO Detected OS: alpine -2021-12-04T19:20:59.709Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:20:59.715Z INFO Number of language-specific files: 0 +2021-12-04T19:20:59.709Z INFO Detected OS: alpine +2021-12-04T19:20:59.709Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:20:59.715Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/amcrest2mqtt:v1.0.11@sha256:8721ad99bcd3392b206c71720718f8e56e58188ecae5076b75c71a46cf1239fc** -2021-12-04T19:21:02.759Z INFO Detected OS: alpine -2021-12-04T19:21:02.759Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:21:02.763Z INFO Number of language-specific files: 1 -2021-12-04T19:21:02.763Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:21:02.759Z INFO Detected OS: alpine +2021-12-04T19:21:02.759Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:21:02.763Z INFO Number of language-specific files: 1 +2021-12-04T19:21:02.763Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/amcrest2mqtt:v1.0.11@sha256:8721ad99bcd3392b206c71720718f8e56e58188ecae5076b75c71a46cf1239fc (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -97,9 +97,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/apache-musicindex/security.md b/docs/apps/stable/apache-musicindex/security.md index f291f1be0ba..77349e3984a 100644 --- a/docs/apps/stable/apache-musicindex/security.md +++ b/docs/apps/stable/apache-musicindex/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:21:03.543Z INFO Detected config files: 1 +2021-12-04T19:21:03.543Z INFO Detected config files: 1 #### apache-musicindex/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:21:04.419Z INFO Detected OS: alpine -2021-12-04T19:21:04.419Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:21:04.423Z INFO Number of language-specific files: 0 +2021-12-04T19:21:04.419Z INFO Detected OS: alpine +2021-12-04T19:21:04.419Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:21:04.423Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/apache-musicindex:v1.4.1-2@sha256:442d1edfbf89b8a2a42c0d649f53f091c39256c65f922078ad38ff60bdbdadf9** -2021-12-04T19:21:13.410Z INFO Detected OS: ubuntu -2021-12-04T19:21:13.410Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:21:13.420Z INFO Number of language-specific files: 1 -2021-12-04T19:21:13.421Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:21:13.410Z INFO Detected OS: ubuntu +2021-12-04T19:21:13.410Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:21:13.420Z INFO Number of language-specific files: 1 +2021-12-04T19:21:13.421Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/apache-musicindex:v1.4.1-2@sha256:442d1edfbf89b8a2a42c0d649f53f091c39256c65f922078ad38ff60bdbdadf9 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2019-17567 | MEDIUM | 2.4.41-4ubuntu3.3 | |
Click to expand!http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -267,8 +267,7 @@ | perl-modules-5.30 | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/appdaemon/security.md b/docs/apps/stable/appdaemon/security.md index f619dd73ab9..8c44517d58b 100644 --- a/docs/apps/stable/appdaemon/security.md +++ b/docs/apps/stable/appdaemon/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:21:44.334Z INFO Detected config files: 1 +2021-12-04T19:21:44.334Z INFO Detected config files: 1 #### appdaemon/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:21:45.369Z INFO Detected OS: alpine -2021-12-04T19:21:45.369Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:21:45.378Z INFO Number of language-specific files: 0 +2021-12-04T19:21:45.369Z INFO Detected OS: alpine +2021-12-04T19:21:45.369Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:21:45.378Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/appdaemon:v4.1.0@sha256:f490c318750595459824cb9355b95c8cdab768271288477454b212a8a93499a6** -2021-12-04T19:22:07.262Z INFO Detected OS: alpine -2021-12-04T19:22:07.262Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:07.266Z INFO Number of language-specific files: 4 -2021-12-04T19:22:07.266Z INFO Detecting cargo vulnerabilities... -2021-12-04T19:22:07.266Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:22:07.269Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 +2021-12-04T19:22:07.262Z INFO Detected OS: alpine +2021-12-04T19:22:07.262Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:07.266Z INFO Number of language-specific files: 4 +2021-12-04T19:22:07.266Z INFO Detecting cargo vulnerabilities... +2021-12-04T19:22:07.266Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:22:07.269Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 #### tccr.io/truecharts/appdaemon:v4.1.0@sha256:f490c318750595459824cb9355b95c8cdab768271288477454b212a8a93499a6 (alpine 3.14.1) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -111,29 +111,26 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | aiohttp | pyup.io-42692 | UNKNOWN | 3.7.4.post0 | 3.8.0 |
Click to expand!
| **cargo** - + | No Vulnerabilities found | |:---------------------------------| - + **cargo** - + | No Vulnerabilities found | |:---------------------------------| - + **cargo** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/aria2/security.md b/docs/apps/stable/aria2/security.md index ba05f2ed8ec..e97c70448e5 100644 --- a/docs/apps/stable/aria2/security.md +++ b/docs/apps/stable/aria2/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:22:11.653Z INFO Detected config files: 1 +2021-12-04T19:22:11.653Z INFO Detected config files: 1 #### aria2/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:16.626Z INFO Detected OS: alpine -2021-12-04T19:22:16.626Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:16.636Z INFO Number of language-specific files: 0 +2021-12-04T19:22:16.626Z INFO Detected OS: alpine +2021-12-04T19:22:16.626Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:16.636Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/aria2-pro:latest@sha256:6c0ddcc7be4da69ac146ff3153df727a5818f733636a1c4d9b78ccffd6106a23** -2021-12-04T19:22:47.545Z INFO Detected OS: alpine -2021-12-04T19:22:47.545Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:47.554Z INFO Number of language-specific files: 0 +2021-12-04T19:22:47.545Z INFO Detected OS: alpine +2021-12-04T19:22:47.545Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:47.554Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/aria2-pro:latest@sha256:6c0ddcc7be4da69ac146ff3153df727a5818f733636a1c4d9b78ccffd6106a23 (alpine 3.12.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-28831 | HIGH | 1.31.1-r20 | 1.32.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| @@ -103,4 +103,3 @@ | ssl_client | CVE-2021-42385 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| - diff --git a/docs/apps/stable/audacity/security.md b/docs/apps/stable/audacity/security.md index 821183e7f7b..d71cffce9cc 100644 --- a/docs/apps/stable/audacity/security.md +++ b/docs/apps/stable/audacity/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:22:08.572Z INFO Detected config files: 1 +2021-12-04T19:22:08.572Z INFO Detected config files: 1 #### audacity/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:16.032Z INFO Detected OS: alpine -2021-12-04T19:22:16.032Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:16.042Z INFO Number of language-specific files: 0 +2021-12-04T19:22:16.032Z INFO Detected OS: alpine +2021-12-04T19:22:16.032Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:16.042Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/audacity:v3.0.2@sha256:a0a829c08c74236b405888f26c4a52251b403db6ca8946895d00505ba1a1ffc7** -2021-12-04T19:22:36.414Z INFO Detected OS: ubuntu -2021-12-04T19:22:36.414Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:22:36.419Z INFO Number of language-specific files: 1 -2021-12-04T19:22:36.419Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:22:36.414Z INFO Detected OS: ubuntu +2021-12-04T19:22:36.414Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:22:36.419Z INFO Number of language-specific files: 1 +2021-12-04T19:22:36.419Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/audacity:v3.0.2@sha256:a0a829c08c74236b405888f26c4a52251b403db6ca8946895d00505ba1a1ffc7 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -440,7 +440,7 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -451,4 +451,3 @@ | tar | CVE-2021-37701 | HIGH | 6.1.1 | 6.1.7, 5.0.8, 4.4.16 |
Click to expand!https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 6.1.1 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 6.1.1 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/stable/authelia/security.md b/docs/apps/stable/authelia/security.md index 213a9eb6b93..3fc764712ac 100644 --- a/docs/apps/stable/authelia/security.md +++ b/docs/apps/stable/authelia/security.md @@ -4,30 +4,30 @@ ##### Scan Results -2021-12-04T19:22:08.025Z INFO Detected config files: 3 +2021-12-04T19:22:08.025Z INFO Detected config files: 3 #### authelia/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -45,14 +45,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:11.130Z INFO Detected OS: alpine -2021-12-04T19:22:11.130Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:11.139Z INFO Number of language-specific files: 0 +2021-12-04T19:22:11.130Z INFO Detected OS: alpine +2021-12-04T19:22:11.130Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:11.139Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -80,16 +80,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:22:12.985Z INFO Detected OS: debian -2021-12-04T19:22:12.985Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:13.014Z INFO Number of language-specific files: 2 -2021-12-04T19:22:13.014Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:13.014Z INFO Detecting jar vulnerabilities... +2021-12-04T19:22:12.985Z INFO Detected OS: debian +2021-12-04T19:22:12.985Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:13.014Z INFO Number of language-specific files: 2 +2021-12-04T19:22:13.014Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:13.014Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -284,55 +284,55 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d** -2021-12-04T19:22:39.064Z INFO Detected OS: alpine -2021-12-04T19:22:39.064Z WARN This OS version is not on the EOL list: alpine 3.15 -2021-12-04T19:22:39.064Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:39.065Z INFO Number of language-specific files: 1 -2021-12-04T19:22:39.065Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:39.066Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 -2021-12-04T19:22:39.066Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:22:39.064Z INFO Detected OS: alpine +2021-12-04T19:22:39.064Z WARN This OS version is not on the EOL list: alpine 3.15 +2021-12-04T19:22:39.064Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:39.065Z INFO Number of language-specific files: 1 +2021-12-04T19:22:39.065Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:39.066Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 +2021-12-04T19:22:39.066Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d (alpine 3.15.0) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:40.646Z INFO Detected OS: alpine -2021-12-04T19:22:40.646Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:40.668Z INFO Number of language-specific files: 0 +2021-12-04T19:22:40.646Z INFO Detected OS: alpine +2021-12-04T19:22:40.646Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:40.668Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -360,15 +360,15 @@ **Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** -2021-12-04T19:22:52.900Z INFO Detected OS: debian -2021-12-04T19:22:52.900Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:52.932Z INFO Number of language-specific files: 2 -2021-12-04T19:22:52.932Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:52.900Z INFO Detected OS: debian +2021-12-04T19:22:52.900Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:52.932Z INFO Number of language-specific files: 2 +2021-12-04T19:22:52.932Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -515,29 +515,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:54.651Z INFO Detected OS: alpine -2021-12-04T19:22:54.651Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:54.664Z INFO Number of language-specific files: 0 +2021-12-04T19:22:54.651Z INFO Detected OS: alpine +2021-12-04T19:22:54.651Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:54.664Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -565,16 +565,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:22:56.329Z INFO Detected OS: debian -2021-12-04T19:22:56.329Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:56.362Z INFO Number of language-specific files: 2 -2021-12-04T19:22:56.362Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:56.362Z INFO Detecting jar vulnerabilities... +2021-12-04T19:22:56.329Z INFO Detected OS: debian +2021-12-04T19:22:56.329Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:56.362Z INFO Number of language-specific files: 2 +2021-12-04T19:22:56.362Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:56.362Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -769,16 +769,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/babybuddy/security.md b/docs/apps/stable/babybuddy/security.md index 5f5558f9b2f..facfc72d029 100644 --- a/docs/apps/stable/babybuddy/security.md +++ b/docs/apps/stable/babybuddy/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:22:39.948Z INFO Detected config files: 2 +2021-12-04T19:22:39.948Z INFO Detected config files: 2 #### babybuddy/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:22:54.039Z INFO Detected OS: alpine -2021-12-04T19:22:54.039Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:22:54.045Z INFO Number of language-specific files: 0 +2021-12-04T19:22:54.039Z INFO Detected OS: alpine +2021-12-04T19:22:54.039Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:22:54.045Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:22:55.616Z INFO Detected OS: debian -2021-12-04T19:22:55.616Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:22:55.658Z INFO Number of language-specific files: 2 -2021-12-04T19:22:55.658Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:22:55.658Z INFO Detecting jar vulnerabilities... +2021-12-04T19:22:55.616Z INFO Detected OS: debian +2021-12-04T19:22:55.616Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:22:55.658Z INFO Number of language-specific files: 2 +2021-12-04T19:22:55.658Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:22:55.658Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,50 +275,50 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/babybuddy:v1.9.1@sha256:da34791df622b4eea3c1bd6c3c585f0e7e229140f6b60802fabed2ffcad238b2** -2021-12-04T19:23:17.867Z INFO Number of language-specific files: 2 -2021-12-04T19:23:17.867Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:23:17.892Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:23:17.867Z INFO Number of language-specific files: 2 +2021-12-04T19:23:17.867Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:23:17.892Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | reportlab | CVE-2020-28463 | MEDIUM | 3.6.2 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1930417
https://github.com/advisories/GHSA-mpvw-25mg-59vx
https://hg.reportlab.com/hg-public/reportlab/file/f094d273903a/CHANGES.md#l71
https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/
https://nvd.nist.gov/vuln/detail/CVE-2020-28463
https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
https://www.reportlab.com/docs/reportlab-userguide.pdf
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:19.420Z INFO Detected OS: alpine -2021-12-04T19:23:19.420Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:19.425Z INFO Number of language-specific files: 0 +2021-12-04T19:23:19.420Z INFO Detected OS: alpine +2021-12-04T19:23:19.420Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:19.425Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -346,16 +346,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:23:20.640Z INFO Detected OS: debian -2021-12-04T19:23:20.640Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:23:20.686Z INFO Number of language-specific files: 2 -2021-12-04T19:23:20.686Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:23:20.686Z INFO Detecting jar vulnerabilities... +2021-12-04T19:23:20.640Z INFO Detected OS: debian +2021-12-04T19:23:20.640Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:23:20.686Z INFO Number of language-specific files: 2 +2021-12-04T19:23:20.686Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:23:20.686Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -550,16 +550,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/bazarr/security.md b/docs/apps/stable/bazarr/security.md index 93135a8e825..f86618d7281 100644 --- a/docs/apps/stable/bazarr/security.md +++ b/docs/apps/stable/bazarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:23:18.527Z INFO Detected config files: 1 +2021-12-04T19:23:18.527Z INFO Detected config files: 1 #### bazarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:19.995Z INFO Detected OS: alpine -2021-12-04T19:23:19.995Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:20.001Z INFO Number of language-specific files: 0 +2021-12-04T19:23:19.995Z INFO Detected OS: alpine +2021-12-04T19:23:19.995Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:20.001Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/bazarr:v1.0.1@sha256:b6d3d33d3f964e4de7563096f07476f9f2c990f2268e1f9814d3281c3181111e** -2021-12-04T19:23:37.001Z INFO Detected OS: ubuntu -2021-12-04T19:23:37.001Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:23:37.005Z INFO Number of language-specific files: 2 -2021-12-04T19:23:37.005Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:23:37.006Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:23:37.001Z INFO Detected OS: ubuntu +2021-12-04T19:23:37.001Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:23:37.005Z INFO Number of language-specific files: 2 +2021-12-04T19:23:37.005Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:23:37.006Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/bazarr:v1.0.1@sha256:b6d3d33d3f964e4de7563096f07476f9f2c990f2268e1f9814d3281c3181111e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -728,15 +728,14 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/beets/security.md b/docs/apps/stable/beets/security.md index 98f279e4e92..3a8a9c8af9c 100644 --- a/docs/apps/stable/beets/security.md +++ b/docs/apps/stable/beets/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:23:37.846Z INFO Detected config files: 1 +2021-12-04T19:23:37.846Z INFO Detected config files: 1 #### beets/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:39.006Z INFO Detected OS: alpine -2021-12-04T19:23:39.006Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:39.013Z INFO Number of language-specific files: 0 +2021-12-04T19:23:39.006Z INFO Detected OS: alpine +2021-12-04T19:23:39.006Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:39.013Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,13 @@ **Container: tccr.io/truecharts/beets:v1.5.0@sha256:031e2eec738848149e808eb102279817aa3fea8e57d012191daf1c471de07703** -2021-12-04T19:23:47.194Z INFO Number of language-specific files: 1 -2021-12-04T19:23:47.194Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:23:47.194Z INFO Number of language-specific files: 1 +2021-12-04T19:23:47.194Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | beets | pyup.io-42892 | UNKNOWN | 1.5.0 | 1.6.0 |
Click to expand!
| - diff --git a/docs/apps/stable/booksonic-air/security.md b/docs/apps/stable/booksonic-air/security.md index 5a7a73add3f..d5eaed58838 100644 --- a/docs/apps/stable/booksonic-air/security.md +++ b/docs/apps/stable/booksonic-air/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:23:47.705Z INFO Detected config files: 1 +2021-12-04T19:23:47.705Z INFO Detected config files: 1 #### booksonic-air/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:23:48.807Z INFO Detected OS: alpine -2021-12-04T19:23:48.807Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:23:48.815Z INFO Number of language-specific files: 0 +2021-12-04T19:23:48.807Z INFO Detected OS: alpine +2021-12-04T19:23:48.807Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:23:48.815Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/booksonic-air:v2009.1.0@sha256:300d9d7d0c343daf7e5964737cfb25fb1dad5cff29ebe45076070e04c924014a** -2021-12-04T19:24:10.473Z INFO Detected OS: ubuntu -2021-12-04T19:24:10.473Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:24:10.501Z INFO Number of language-specific files: 1 -2021-12-04T19:24:10.501Z INFO Detecting jar vulnerabilities... +2021-12-04T19:24:10.473Z INFO Detected OS: ubuntu +2021-12-04T19:24:10.473Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:24:10.501Z INFO Number of language-specific files: 1 +2021-12-04T19:24:10.501Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/booksonic-air:v2009.1.0@sha256:300d9d7d0c343daf7e5964737cfb25fb1dad5cff29ebe45076070e04c924014a (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -676,7 +676,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2020-8908 | LOW | 28.2-jre | 30.0 |
Click to expand!https://github.com/advisories/GHSA-5mg8-w23w-74h3
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -698,4 +698,3 @@ | org.springframework.security:spring-security-core | CVE-2021-22119 | HIGH | 5.2.4.RELEASE | 5.2.11.RELEASE, 5.3.10.RELEASE, 5.4.7, 5.5.1 |
Click to expand!https://github.com/advisories/GHSA-w9jg-gvgr-354m
https://github.com/spring-projects/spring-security/pull/9513
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22119
https://tanzu.vmware.com/security/cve-2021-22119
| | org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 5.2.4.RELEASE | 5.3.8, 5.4.4, 5.2.9 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/7
https://github.com/advisories/GHSA-gq28-h5vg-8prx
https://github.com/spring-projects/spring-security/releases/tag/5.4.4
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
https://tanzu.vmware.com/security/cve-2021-22112
https://www.jenkins.io/security/advisory/2021-02-19/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.25 | 1.26 |
Click to expand!https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack
https://bitbucket.org/asomov/snakeyaml/wiki/Changes
https://github.com/advisories/GHSA-rvwf-54qp-4r6v
https://linux.oracle.com/cve/CVE-2017-18640.html
https://linux.oracle.com/errata/ELSA-2020-4807.html
https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/docs/apps/stable/calibre-web/security.md b/docs/apps/stable/calibre-web/security.md index 9da028a49ea..4bcb5e3eb02 100644 --- a/docs/apps/stable/calibre-web/security.md +++ b/docs/apps/stable/calibre-web/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:24:11.523Z INFO Detected config files: 1 +2021-12-04T19:24:11.523Z INFO Detected config files: 1 #### calibre-web/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:24:12.326Z INFO Detected OS: alpine -2021-12-04T19:24:12.326Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:24:12.333Z INFO Number of language-specific files: 0 +2021-12-04T19:24:12.326Z INFO Detected OS: alpine +2021-12-04T19:24:12.326Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:24:12.333Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/calibre-web:version-0.6.12@sha256:3f54c0f7bec8c635f019d88039b986c5fa8951445daf5016b4cdb1118694c612** -2021-12-04T19:24:32.635Z INFO Detected OS: ubuntu -2021-12-04T19:24:32.635Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:24:32.641Z INFO Number of language-specific files: 1 -2021-12-04T19:24:32.641Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:24:32.635Z INFO Detected OS: ubuntu +2021-12-04T19:24:32.635Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:24:32.641Z INFO Number of language-specific files: 1 +2021-12-04T19:24:32.641Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/calibre-web:version-0.6.12@sha256:3f54c0f7bec8c635f019d88039b986c5fa8951445daf5016b4cdb1118694c612 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -245,11 +245,10 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | SQLAlchemy-Utils | pyup.io-42194 | UNKNOWN | 0.37.8 | |
Click to expand!
| | Werkzeug | pyup.io-42050 | UNKNOWN | 1.0.1 | 2.0.2 |
Click to expand!
| | python-ldap | GHSA-r8wq-qrxc-hmcm | MEDIUM | 3.3.1 | 3.4.0 |
Click to expand!https://github.com/advisories/GHSA-r8wq-qrxc-hmcm
https://github.com/python-ldap/python-ldap/issues/424
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
| | urllib3 | CVE-2021-33503 | HIGH | 1.25.11 | 1.26.5 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
https://nvd.nist.gov/vuln/detail/CVE-2021-33503
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/stable/calibre/security.md b/docs/apps/stable/calibre/security.md index 6cf5c394f11..f8f2f9c0a9a 100644 --- a/docs/apps/stable/calibre/security.md +++ b/docs/apps/stable/calibre/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:24:33.520Z INFO Detected config files: 1 +2021-12-04T19:24:33.520Z INFO Detected config files: 1 #### calibre/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:24:34.364Z INFO Detected OS: alpine -2021-12-04T19:24:34.364Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:24:34.372Z INFO Number of language-specific files: 0 +2021-12-04T19:24:34.364Z INFO Detected OS: alpine +2021-12-04T19:24:34.364Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:24:34.372Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/calibre:v5.32.0-ls138@sha256:a7c6272300628eb747dc129001aef8bc53d9b462ebe6b4953de904a2a5e15c8e** -2021-12-04T19:25:00.213Z INFO Detected OS: ubuntu -2021-12-04T19:25:00.213Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:25:00.222Z INFO Number of language-specific files: 1 -2021-12-04T19:25:00.222Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:25:00.213Z INFO Detected OS: ubuntu +2021-12-04T19:25:00.213Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:25:00.222Z INFO Number of language-specific files: 1 +2021-12-04T19:25:00.222Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/calibre:v5.32.0-ls138@sha256:a7c6272300628eb747dc129001aef8bc53d9b462ebe6b4953de904a2a5e15c8e (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -301,9 +301,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/docs/apps/stable/cloud9/security.md b/docs/apps/stable/cloud9/security.md index 9ddbc221aa4..179c78b21c2 100644 --- a/docs/apps/stable/cloud9/security.md +++ b/docs/apps/stable/cloud9/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:24:35.015Z INFO Detected config files: 1 +2021-12-04T19:24:35.015Z INFO Detected config files: 1 #### cloud9/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:25:01.448Z INFO Detected OS: alpine -2021-12-04T19:25:01.448Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:25:01.454Z INFO Number of language-specific files: 0 +2021-12-04T19:25:01.448Z INFO Detected OS: alpine +2021-12-04T19:25:01.448Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:25:01.454Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/cloud9:version-1.29.2@sha256:4891fa151fe52c43719f0346124f29c81ed47be16cdc34554b8896b0cb80cb73** -2021-12-04T19:25:16.818Z INFO Detected OS: ubuntu -2021-12-04T19:25:16.818Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:25:16.823Z INFO Number of language-specific files: 1 -2021-12-04T19:25:16.823Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:25:16.818Z INFO Detected OS: ubuntu +2021-12-04T19:25:16.818Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:25:16.823Z INFO Number of language-specific files: 1 +2021-12-04T19:25:16.823Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/cloud9:version-1.29.2@sha256:4891fa151fe52c43719f0346124f29c81ed47be16cdc34554b8896b0cb80cb73 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -202,7 +202,7 @@ | perl-modules-5.26 | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bl | CVE-2020-8244 | MEDIUM | 1.1.2 | 2.2.1, 1.2.3, 4.0.3, 3.0.1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244
https://github.com/advisories/GHSA-pp7h-53gx-mx7r
https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e
https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466
https://hackerone.com/reports/966347
https://nvd.nist.gov/vuln/detail/CVE-2020-8244
https://ubuntu.com/security/notices/USN-5098-1
| @@ -313,4 +313,3 @@ | ws | NSWG-ECO-120 | HIGH | 1.0.1 | >=1.1.1 |
Click to expand!https://github.com/nodejs/node/issues/7388
| | xmlhttprequest-ssl | CVE-2021-31597 | CRITICAL | 1.5.1 | 1.6.1 |
Click to expand!https://github.com/advisories/GHSA-72mh-269x-7mh5
https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-31597
https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt
https://security.netapp.com/advisory/ntap-20210618-0004/
| | xmlhttprequest-ssl | CVE-2020-28502 | HIGH | 1.5.1 | 1.6.2 |
Click to expand!https://github.com/advisories/GHSA-h4j5-c7cj-74xg
https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js#L480
https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480
https://github.com/driverdan/node-XMLHttpRequest/commit/983cfc244c7567ad6a59e366e55a8037e0497fe6
https://github.com/mjwwit/node-XMLHttpRequest/blob/ae38832a0f1347c5e96dda665402509a3458e302/lib/XMLHttpRequest.js#L531
https://github.com/mjwwit/node-XMLHttpRequest/commit/ee1e81fc67729c7c0eba5537ed7fe1e30a6b3291
https://nvd.nist.gov/vuln/detail/CVE-2020-28502
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938
https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
| - diff --git a/docs/apps/stable/code-server/security.md b/docs/apps/stable/code-server/security.md index 88579823468..78d55277c61 100644 --- a/docs/apps/stable/code-server/security.md +++ b/docs/apps/stable/code-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:25:00.723Z INFO Detected config files: 1 +2021-12-04T19:25:00.723Z INFO Detected config files: 1 #### code-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:25:02.061Z INFO Detected OS: alpine -2021-12-04T19:25:02.062Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:25:02.085Z INFO Number of language-specific files: 0 +2021-12-04T19:25:02.061Z INFO Detected OS: alpine +2021-12-04T19:25:02.062Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:25:02.085Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/code-server:v3.12.0@sha256:2853a8bdd8eed9c09bcd4b100b9d4be20c42a307b9d1cbae1a204276e948f9ce** -2021-12-04T19:25:36.140Z INFO Detected OS: debian -2021-12-04T19:25:36.140Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:25:36.206Z INFO Number of language-specific files: 1 -2021-12-04T19:25:36.206Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:25:36.140Z INFO Detected OS: debian +2021-12-04T19:25:36.140Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:25:36.206Z INFO Number of language-specific files: 1 +2021-12-04T19:25:36.206Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/code-server:v3.12.0@sha256:2853a8bdd8eed9c09bcd4b100b9d4be20c42a307b9d1cbae1a204276e948f9ce (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,10 +275,9 @@ | xxd | CVE-2017-1000382 | LOW | 2:8.2.2434-3 | |
Click to expand!http://security.cucumberlinux.com/security/details.php?id=120
http://www.openwall.com/lists/oss-security/2017/10/31/1
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.1 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| | gopkg.in/yaml.v2 | GMS-2019-2 | UNKNOWN | v2.2.1 | v2.2.3 |
Click to expand!https://github.com/docker/cli/pull/2117
| | gopkg.in/yaml.v2 | GO-2021-0061 | UNKNOWN | v2.2.1 | v2.2.3 |
Click to expand!
| - diff --git a/docs/apps/stable/collabora-online/security.md b/docs/apps/stable/collabora-online/security.md index 0cd051bb2e3..7fed3e1558b 100644 --- a/docs/apps/stable/collabora-online/security.md +++ b/docs/apps/stable/collabora-online/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:25:17.415Z INFO Detected config files: 1 +2021-12-04T19:25:17.415Z INFO Detected config files: 1 #### collabora-online/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:25:37.694Z INFO Detected OS: alpine -2021-12-04T19:25:37.694Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:25:37.711Z INFO Number of language-specific files: 0 +2021-12-04T19:25:37.694Z INFO Detected OS: alpine +2021-12-04T19:25:37.694Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:25:37.711Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/collabora:v6.4.14.3@sha256:d4a55425927736cb167a8df37ba6f2a60c0e3e0bacc0ee2496ecb5e535176f60** -2021-12-04T19:26:07.419Z INFO Detected OS: ubuntu -2021-12-04T19:26:07.419Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:26:07.425Z INFO Number of language-specific files: 0 +2021-12-04T19:26:07.419Z INFO Detected OS: ubuntu +2021-12-04T19:26:07.419Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:26:07.425Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/collabora:v6.4.14.3@sha256:d4a55425927736cb167a8df37ba6f2a60c0e3e0bacc0ee2496ecb5e535176f60 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -209,4 +209,3 @@ | python3.6-minimal | CVE-2021-23336 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | python3.6-minimal | CVE-2021-3426 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-1ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/docs/apps/stable/cryptofolio/security.md b/docs/apps/stable/cryptofolio/security.md index 34bb4f84b5e..bb168cb828a 100644 --- a/docs/apps/stable/cryptofolio/security.md +++ b/docs/apps/stable/cryptofolio/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:17.147Z INFO Detected config files: 1 +2021-12-04T19:26:17.147Z INFO Detected config files: 1 #### cryptofolio/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:27.914Z INFO Detected OS: alpine -2021-12-04T19:26:27.914Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:27.923Z INFO Number of language-specific files: 0 +2021-12-04T19:26:27.914Z INFO Detected OS: alpine +2021-12-04T19:26:27.914Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:27.923Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/cryptofolio:v2.2.0@sha256:e77706dd4748dbdf2665cb53434802a3c2ef85f3d9b1ca809f2615b15758f3d0** -2021-12-04T19:26:40.959Z INFO Detected OS: debian -2021-12-04T19:26:40.959Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:26:41.060Z INFO Number of language-specific files: 0 +2021-12-04T19:26:40.959Z INFO Detected OS: debian +2021-12-04T19:26:40.959Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:26:41.060Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/cryptofolio:v2.2.0@sha256:e77706dd4748dbdf2665cb53434802a3c2ef85f3d9b1ca809f2615b15758f3d0 (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-39275 | CRITICAL | 2.4.48-3.1+deb11u1 | 2.4.51-1~deb11u1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.netapp.com/advisory/ntap-20211008-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://ubuntu.com/security/notices/USN-5090-2
https://www.debian.org/security/2021/dsa-4982
| @@ -450,4 +450,3 @@ | perl-modules-5.32 | CVE-2011-4116 | LOW | 5.32.1-4+deb11u1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238
| | re2c | CVE-2018-21232 | LOW | 2.0.3-1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2020/05/14/4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21232
https://github.com/skvadrik/re2c/issues/219
https://www.openwall.com/lists/oss-security/2020/04/27/2
| | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| - diff --git a/docs/apps/stable/custom-app/security.md b/docs/apps/stable/custom-app/security.md index 67084e6e68f..4e36efff945 100644 --- a/docs/apps/stable/custom-app/security.md +++ b/docs/apps/stable/custom-app/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:08.209Z INFO Detected config files: 1 +2021-12-04T19:26:08.209Z INFO Detected config files: 1 #### custom-app/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:09.405Z INFO Detected OS: alpine -2021-12-04T19:26:09.405Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:09.411Z INFO Number of language-specific files: 0 +2021-12-04T19:26:09.405Z INFO Detected OS: alpine +2021-12-04T19:26:09.405Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:09.411Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** -2021-12-04T19:26:26.812Z INFO Detected OS: ubuntu -2021-12-04T19:26:26.812Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:26:26.815Z INFO Number of language-specific files: 1 -2021-12-04T19:26:26.815Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:26:26.812Z INFO Detected OS: ubuntu +2021-12-04T19:26:26.812Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:26:26.815Z INFO Number of language-specific files: 1 +2021-12-04T19:26:26.815Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,8 +150,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/davos/security.md b/docs/apps/stable/davos/security.md index 5f944549ab4..8ab6fd80ad8 100644 --- a/docs/apps/stable/davos/security.md +++ b/docs/apps/stable/davos/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:07.812Z INFO Detected config files: 1 +2021-12-04T19:26:07.812Z INFO Detected config files: 1 #### davos/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:08.804Z INFO Detected OS: alpine -2021-12-04T19:26:08.804Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:08.808Z INFO Number of language-specific files: 0 +2021-12-04T19:26:08.804Z INFO Detected OS: alpine +2021-12-04T19:26:08.804Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:08.808Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/davos:v2.2.1-ls76@sha256:f9359583fb20278b436e7b018ee244f2cce1480d6834775f19e9da3503dd0e9b** -2021-12-04T19:26:16.486Z INFO Number of language-specific files: 1 -2021-12-04T19:26:16.486Z INFO Detecting jar vulnerabilities... +2021-12-04T19:26:16.486Z INFO Number of language-specific files: 1 +2021-12-04T19:26:16.486Z INFO Detecting jar vulnerabilities... #### Java - + **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2017-15095 | CRITICAL | 2.8.4 | 2.7.9.2, 2.8.10, 2.9.1 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103880
http://www.securitytracker.com/id/1039769
https://access.redhat.com/errata/RHSA-2017:3189
https://access.redhat.com/errata/RHSA-2017:3190
https://access.redhat.com/errata/RHSA-2018:0342
https://access.redhat.com/errata/RHSA-2018:0478
https://access.redhat.com/errata/RHSA-2018:0479
https://access.redhat.com/errata/RHSA-2018:0480
https://access.redhat.com/errata/RHSA-2018:0481
https://access.redhat.com/errata/RHSA-2018:0576
https://access.redhat.com/errata/RHSA-2018:0577
https://access.redhat.com/errata/RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/solutions/3442891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
https://github.com/FasterXML/jackson-databind/commit/3bfbb835
https://github.com/FasterXML/jackson-databind/commit/ddfddfba
https://github.com/FasterXML/jackson-databind/commit/e8f043d1
https://github.com/FasterXML/jackson-databind/issues/1680
https://github.com/FasterXML/jackson-databind/issues/1723
https://github.com/FasterXML/jackson-databind/issues/1737
https://github.com/advisories/GHSA-h592-38cm-4ggp
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
https://nvd.nist.gov/vuln/detail/CVE-2017-15095
https://security.netapp.com/advisory/ntap-20171214-0003/
https://ubuntu.com/security/notices/USN-4741-1
https://www.debian.org/security/2017/dsa-4037
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| @@ -166,4 +166,3 @@ | org.springframework:spring-core | CVE-2018-1257 | MEDIUM | 4.3.4.RELEASE | 4.3.17, 5.0.6 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104260
https://access.redhat.com/errata/RHSA-2018:1809
https://access.redhat.com/errata/RHSA-2018:3768
https://github.com/advisories/GHSA-rcpf-vj53-7h2m
https://nvd.nist.gov/vuln/detail/CVE-2018-1257
https://pivotal.io/security/cve-2018-1257
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| | org.springframework:spring-core | CVE-2018-1271 | MEDIUM | 4.3.4.RELEASE | 4.3.15, 5.0.5 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103699
https://access.redhat.com/errata/RHSA-2018:1320
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2939
https://github.com/advisories/GHSA-g8hw-794c-4j9g
https://nvd.nist.gov/vuln/detail/CVE-2018-1271
https://pivotal.io/security/cve-2018-1271
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.17 | 1.26 |
Click to expand!https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack
https://bitbucket.org/asomov/snakeyaml/wiki/Changes
https://github.com/advisories/GHSA-rvwf-54qp-4r6v
https://linux.oracle.com/cve/CVE-2017-18640.html
https://linux.oracle.com/errata/ELSA-2020-4807.html
https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E
https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/docs/apps/stable/deconz/security.md b/docs/apps/stable/deconz/security.md index da9cf09ede3..f14e4087cd5 100644 --- a/docs/apps/stable/deconz/security.md +++ b/docs/apps/stable/deconz/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:26:42.147Z INFO Detected config files: 1 +2021-12-04T19:26:42.147Z INFO Detected config files: 1 #### deconz/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:26:43.389Z INFO Detected OS: alpine -2021-12-04T19:26:43.389Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:26:43.397Z INFO Number of language-specific files: 0 +2021-12-04T19:26:43.389Z INFO Detected OS: alpine +2021-12-04T19:26:43.389Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:26:43.397Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/deconz:v2.13.01@sha256:92a7a439e6010e21265fa5beaa47b0172bc6b6682f4e2d26bcd43c772ff7ddbd** -2021-12-04T19:27:03.015Z INFO Detected OS: debian -2021-12-04T19:27:03.015Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:27:03.109Z INFO Number of language-specific files: 0 +2021-12-04T19:27:03.015Z INFO Detected OS: debian +2021-12-04T19:27:03.015Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:27:03.109Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/deconz:v2.13.01@sha256:92a7a439e6010e21265fa5beaa47b0172bc6b6682f4e2d26bcd43c772ff7ddbd (debian 10.9) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -655,4 +655,3 @@ | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/docs/apps/stable/deepstack-cpu/security.md b/docs/apps/stable/deepstack-cpu/security.md index 49caf832f86..75cc73480c5 100644 --- a/docs/apps/stable/deepstack-cpu/security.md +++ b/docs/apps/stable/deepstack-cpu/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:04.022Z INFO Detected config files: 1 +2021-12-04T19:27:04.022Z INFO Detected config files: 1 #### deepstack-cpu/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:04.878Z INFO Detected OS: alpine -2021-12-04T19:27:04.878Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:04.884Z INFO Number of language-specific files: 0 +2021-12-04T19:27:04.878Z INFO Detected OS: alpine +2021-12-04T19:27:04.878Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:04.884Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/deepstack-cpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28** -2021-12-04T19:27:50.566Z INFO Detected OS: debian -2021-12-04T19:27:50.566Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:27:50.723Z INFO Number of language-specific files: 2 -2021-12-04T19:27:50.723Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:27:50.724Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:27:50.566Z INFO Detected OS: debian +2021-12-04T19:27:50.566Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:27:50.723Z INFO Number of language-specific files: 2 +2021-12-04T19:27:50.723Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:27:50.724Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/deepstack-cpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28 (debian 10.6) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.8.2.1 | 1.8.2.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -3000,7 +3000,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 8.0.1 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -3034,9 +3034,8 @@ | urllib3 | CVE-2021-28363 | MEDIUM | 1.26.2 | 1.26.4 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/docs/apps/stable/deepstack-gpu/security.md b/docs/apps/stable/deepstack-gpu/security.md index d2762e89b6b..863939d8c36 100644 --- a/docs/apps/stable/deepstack-gpu/security.md +++ b/docs/apps/stable/deepstack-gpu/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:52.343Z INFO Detected config files: 1 +2021-12-04T19:27:52.343Z INFO Detected config files: 1 #### deepstack-gpu/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:58.702Z INFO Detected OS: alpine -2021-12-04T19:27:58.702Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:58.711Z INFO Number of language-specific files: 0 +2021-12-04T19:27:58.702Z INFO Detected OS: alpine +2021-12-04T19:27:58.702Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:58.711Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/deepstack-gpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28** -2021-12-04T19:28:22.371Z INFO Detected OS: debian -2021-12-04T19:28:22.374Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:28:22.845Z INFO Number of language-specific files: 2 -2021-12-04T19:28:22.845Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:28:22.846Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:28:22.371Z INFO Detected OS: debian +2021-12-04T19:28:22.374Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:28:22.845Z INFO Number of language-specific files: 2 +2021-12-04T19:28:22.845Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:28:22.846Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/deepstack-gpu:v2021.09.1@sha256:f924cebf518a54bca2ca2ac33911cf3af4dd7403cad371781422436ce4254a28 (debian 10.6) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.8.2.1 | 1.8.2.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -3000,7 +3000,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 8.0.1 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -3034,9 +3034,8 @@ | urllib3 | CVE-2021-28363 | MEDIUM | 1.26.2 | 1.26.4 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/docs/apps/stable/deluge/security.md b/docs/apps/stable/deluge/security.md index a4243a44f47..d99934a1117 100644 --- a/docs/apps/stable/deluge/security.md +++ b/docs/apps/stable/deluge/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:51.912Z INFO Detected config files: 1 +2021-12-04T19:27:51.912Z INFO Detected config files: 1 #### deluge/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:52.943Z INFO Detected OS: alpine -2021-12-04T19:27:52.943Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:52.947Z INFO Number of language-specific files: 0 +2021-12-04T19:27:52.943Z INFO Detected OS: alpine +2021-12-04T19:27:52.943Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:52.947Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/deluge:version-2.0.3-2201906121747ubuntu18.04.1@sha256:ef71fa2986593ad6fe3d2c3f277f0340c28c0fbcdc8b91c3505b83be71784f08** -2021-12-04T19:27:57.150Z INFO Detected OS: ubuntu -2021-12-04T19:27:57.150Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:27:57.156Z INFO Number of language-specific files: 0 +2021-12-04T19:27:57.150Z INFO Detected OS: ubuntu +2021-12-04T19:27:57.150Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:27:57.156Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/deluge:version-2.0.3-2201906121747ubuntu18.04.1@sha256:ef71fa2986593ad6fe3d2c3f277f0340c28c0fbcdc8b91c3505b83be71784f08 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -225,4 +225,3 @@ | python3.6-minimal | CVE-2021-23336 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | python3.6-minimal | CVE-2021-3426 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-1ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/docs/apps/stable/digikam/security.md b/docs/apps/stable/digikam/security.md index d10cc5b437c..e955389e5ff 100644 --- a/docs/apps/stable/digikam/security.md +++ b/docs/apps/stable/digikam/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:27:53.536Z INFO Detected config files: 1 +2021-12-04T19:27:53.536Z INFO Detected config files: 1 #### digikam/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:27:57.778Z INFO Detected OS: alpine -2021-12-04T19:27:57.778Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:27:57.786Z INFO Number of language-specific files: 0 +2021-12-04T19:27:57.778Z INFO Detected OS: alpine +2021-12-04T19:27:57.778Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:27:57.786Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/digikam:version-7.3.0@sha256:97cc7525c0e77c75933eea57f2aa52b76077837971a7866338d79ea93adb069c** -2021-12-04T19:28:20.999Z INFO Detected OS: ubuntu -2021-12-04T19:28:20.999Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:28:21.008Z INFO Number of language-specific files: 1 -2021-12-04T19:28:21.008Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:28:20.999Z INFO Detected OS: ubuntu +2021-12-04T19:28:20.999Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:28:21.008Z INFO Number of language-specific files: 1 +2021-12-04T19:28:21.008Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/digikam:version-7.3.0@sha256:97cc7525c0e77c75933eea57f2aa52b76077837971a7866338d79ea93adb069c (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -279,9 +279,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/docs/apps/stable/dizquetv/security.md b/docs/apps/stable/dizquetv/security.md index 480f696450a..61ecb398e4f 100644 --- a/docs/apps/stable/dizquetv/security.md +++ b/docs/apps/stable/dizquetv/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:28:29.247Z INFO Detected config files: 1 +2021-12-04T19:28:29.247Z INFO Detected config files: 1 #### dizquetv/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:28:30.141Z INFO Detected OS: alpine -2021-12-04T19:28:30.141Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:28:30.147Z INFO Number of language-specific files: 0 +2021-12-04T19:28:30.141Z INFO Detected OS: alpine +2021-12-04T19:28:30.141Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:28:30.147Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/dizquetv:v1.5.0@sha256:e7fab135e5048700be9635208c5500b830ceddb7fa0b0f9fffd2fcaa645a8374** -2021-12-04T19:28:39.148Z INFO Detected OS: ubuntu -2021-12-04T19:28:39.148Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:28:39.154Z INFO Number of language-specific files: 0 +2021-12-04T19:28:39.148Z INFO Detected OS: ubuntu +2021-12-04T19:28:39.148Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:28:39.154Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/dizquetv:v1.5.0@sha256:e7fab135e5048700be9635208c5500b830ceddb7fa0b0f9fffd2fcaa645a8374 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -131,4 +131,3 @@ | passwd | CVE-2013-4235 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/docs/apps/stable/doublecommander/security.md b/docs/apps/stable/doublecommander/security.md index a988dfae8f0..2912bc84d9a 100644 --- a/docs/apps/stable/doublecommander/security.md +++ b/docs/apps/stable/doublecommander/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:28:42.665Z INFO Detected config files: 1 +2021-12-04T19:28:42.665Z INFO Detected config files: 1 #### doublecommander/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:28:43.572Z INFO Detected OS: alpine -2021-12-04T19:28:43.572Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:28:43.583Z INFO Number of language-specific files: 0 +2021-12-04T19:28:43.572Z INFO Detected OS: alpine +2021-12-04T19:28:43.572Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:28:43.583Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/doublecommander:version-0.8.2-1@sha256:9c71e7178c24bdd646fa65e49fd9cef59ad9584eac2d60d59ea3e62ea53d47f9** -2021-12-04T19:28:48.063Z INFO Detected OS: ubuntu -2021-12-04T19:28:48.063Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:28:48.086Z INFO Number of language-specific files: 1 -2021-12-04T19:28:48.086Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:28:48.063Z INFO Detected OS: ubuntu +2021-12-04T19:28:48.063Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:28:48.086Z INFO Number of language-specific files: 1 +2021-12-04T19:28:48.086Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/doublecommander:version-0.8.2-1@sha256:9c71e7178c24bdd646fa65e49fd9cef59ad9584eac2d60d59ea3e62ea53d47f9 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -310,9 +310,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/docs/apps/stable/dsmr-reader/security.md b/docs/apps/stable/dsmr-reader/security.md index bd27f5320d6..ff0e0e6de8d 100644 --- a/docs/apps/stable/dsmr-reader/security.md +++ b/docs/apps/stable/dsmr-reader/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:29:28.696Z INFO Detected config files: 2 +2021-12-04T19:29:28.696Z INFO Detected config files: 2 #### dsmr-reader/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:32.375Z INFO Detected OS: alpine -2021-12-04T19:29:32.375Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:32.385Z INFO Number of language-specific files: 0 +2021-12-04T19:29:32.375Z INFO Detected OS: alpine +2021-12-04T19:29:32.375Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:32.385Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:29:53.342Z INFO Detected OS: debian -2021-12-04T19:29:53.342Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:53.398Z INFO Number of language-specific files: 2 -2021-12-04T19:29:53.398Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:29:53.404Z INFO Detecting jar vulnerabilities... +2021-12-04T19:29:53.342Z INFO Detected OS: debian +2021-12-04T19:29:53.342Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:53.398Z INFO Number of language-specific files: 2 +2021-12-04T19:29:53.398Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:29:53.404Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/dsmr-reader:v2021.09.02@sha256:4858edb1ae63a20639a0ef9c51c7b2cf599686db5c582ead7b37b2a288122935** **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:54.945Z INFO Detected OS: alpine -2021-12-04T19:29:54.945Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:54.952Z INFO Number of language-specific files: 0 +2021-12-04T19:29:54.945Z INFO Detected OS: alpine +2021-12-04T19:29:54.945Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:54.952Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -328,16 +328,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:29:55.938Z INFO Detected OS: debian -2021-12-04T19:29:55.938Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:55.987Z INFO Number of language-specific files: 2 -2021-12-04T19:29:55.987Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:29:55.987Z INFO Detecting jar vulnerabilities... +2021-12-04T19:29:55.938Z INFO Detected OS: debian +2021-12-04T19:29:55.938Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:55.987Z INFO Number of language-specific files: 2 +2021-12-04T19:29:55.987Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:29:55.987Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -532,16 +532,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/duplicati/security.md b/docs/apps/stable/duplicati/security.md index eed194ce7f5..dcaf54b818b 100644 --- a/docs/apps/stable/duplicati/security.md +++ b/docs/apps/stable/duplicati/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:29:14.708Z INFO Detected config files: 1 +2021-12-04T19:29:14.708Z INFO Detected config files: 1 #### duplicati/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:16.013Z INFO Detected OS: alpine -2021-12-04T19:29:16.013Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:16.017Z INFO Number of language-specific files: 0 +2021-12-04T19:29:16.013Z INFO Detected OS: alpine +2021-12-04T19:29:16.013Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:16.017Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/duplicati:vbeta@sha256:88147d0b04d6c05a33e3910359e4a429769bf395bd52a0b6a0c91e19b1909965** -2021-12-04T19:29:28.005Z INFO Detected OS: debian -2021-12-04T19:29:28.005Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:28.054Z INFO Number of language-specific files: 0 +2021-12-04T19:29:28.005Z INFO Detected OS: debian +2021-12-04T19:29:28.005Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:28.054Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/duplicati:vbeta@sha256:88147d0b04d6c05a33e3910359e4a429769bf395bd52a0b6a0c91e19b1909965 (debian 10.9) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -533,4 +533,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/docs/apps/stable/emby/security.md b/docs/apps/stable/emby/security.md index 5865de4cbac..21adcfe04aa 100644 --- a/docs/apps/stable/emby/security.md +++ b/docs/apps/stable/emby/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:29:29.753Z INFO Detected config files: 1 +2021-12-04T19:29:29.753Z INFO Detected config files: 1 #### emby/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:31.475Z INFO Detected OS: alpine -2021-12-04T19:29:31.475Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:31.487Z INFO Number of language-specific files: 0 +2021-12-04T19:29:31.475Z INFO Detected OS: alpine +2021-12-04T19:29:31.475Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:31.487Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/emby:v4.6.7.0@sha256:f2c60cee28b40d6eeeff72cda847eced2d069b410e63a5b0bdbab7783f34ec1b** -2021-12-04T19:29:45.327Z INFO Detected OS: ubuntu -2021-12-04T19:29:45.327Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:29:45.330Z INFO Number of language-specific files: 1 -2021-12-04T19:29:45.330Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:29:45.327Z INFO Detected OS: ubuntu +2021-12-04T19:29:45.327Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:29:45.330Z INFO Number of language-specific files: 1 +2021-12-04T19:29:45.330Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/emby:v4.6.7.0@sha256:f2c60cee28b40d6eeeff72cda847eced2d069b410e63a5b0bdbab7783f34ec1b (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -151,8 +151,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/esphome/security.md b/docs/apps/stable/esphome/security.md index ac29165fa1f..38791ba5fd3 100644 --- a/docs/apps/stable/esphome/security.md +++ b/docs/apps/stable/esphome/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:29:29.209Z INFO Detected config files: 1 +2021-12-04T19:29:29.209Z INFO Detected config files: 1 #### esphome/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:29:30.710Z INFO Detected OS: alpine -2021-12-04T19:29:30.711Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:29:30.723Z INFO Number of language-specific files: 0 +2021-12-04T19:29:30.710Z INFO Detected OS: alpine +2021-12-04T19:29:30.711Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:29:30.723Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/esphome:v2021.11.4@sha256:c4e3f2174e8636578a2a619eef7644f5ac94f427c531eedc31436e47f27b21a3** -2021-12-04T19:29:52.028Z INFO Detected OS: debian -2021-12-04T19:29:52.028Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:29:52.077Z INFO Number of language-specific files: 1 -2021-12-04T19:29:52.077Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:29:52.028Z INFO Detected OS: debian +2021-12-04T19:29:52.028Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:29:52.077Z INFO Number of language-specific files: 1 +2021-12-04T19:29:52.077Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/esphome:v2021.11.4@sha256:c4e3f2174e8636578a2a619eef7644f5ac94f427c531eedc31436e47f27b21a3 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -207,9 +207,6 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/etherpad/security.md b/docs/apps/stable/etherpad/security.md index d40adb6cbd8..62f39a7207d 100644 --- a/docs/apps/stable/etherpad/security.md +++ b/docs/apps/stable/etherpad/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:30:08.158Z INFO Detected config files: 2 +2021-12-04T19:30:08.158Z INFO Detected config files: 2 #### etherpad/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:30:09.081Z INFO Detected OS: alpine -2021-12-04T19:30:09.081Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:09.096Z INFO Number of language-specific files: 0 +2021-12-04T19:30:09.081Z INFO Detected OS: alpine +2021-12-04T19:30:09.081Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:09.096Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:30:09.968Z INFO Detected OS: debian -2021-12-04T19:30:09.968Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:30:10.027Z INFO Number of language-specific files: 2 -2021-12-04T19:30:10.027Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:30:10.027Z INFO Detecting jar vulnerabilities... +2021-12-04T19:30:09.968Z INFO Detected OS: debian +2021-12-04T19:30:09.968Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:30:10.027Z INFO Number of language-specific files: 2 +2021-12-04T19:30:10.027Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:30:10.027Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/etherpad:version-1.8.14@sha256:4900f0e787ca22cf93090ae44ecceb5689d4427c739e1eb637a6e3a913161bf8** -2021-12-04T19:30:16.654Z INFO Detected OS: alpine -2021-12-04T19:30:16.654Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:16.656Z INFO Number of language-specific files: 1 -2021-12-04T19:30:16.656Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:30:16.654Z INFO Detected OS: alpine +2021-12-04T19:30:16.654Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:16.656Z INFO Number of language-specific files: 1 +2021-12-04T19:30:16.656Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/etherpad:version-1.8.14@sha256:4900f0e787ca22cf93090ae44ecceb5689d4427c739e1eb637a6e3a913161bf8 (alpine 3.14.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.12.5-r1 | 2.12.6-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -343,7 +343,7 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r2 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -361,14 +361,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:30:17.520Z INFO Detected OS: alpine -2021-12-04T19:30:17.520Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:17.528Z INFO Number of language-specific files: 0 +2021-12-04T19:30:17.520Z INFO Detected OS: alpine +2021-12-04T19:30:17.520Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:17.528Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -396,16 +396,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:30:18.314Z INFO Detected OS: debian -2021-12-04T19:30:18.314Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:30:18.364Z INFO Number of language-specific files: 2 -2021-12-04T19:30:18.364Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:30:18.365Z INFO Detecting jar vulnerabilities... +2021-12-04T19:30:18.314Z INFO Detected OS: debian +2021-12-04T19:30:18.314Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:30:18.364Z INFO Number of language-specific files: 2 +2021-12-04T19:30:18.364Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:30:18.365Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -600,16 +600,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/external-service/security.md b/docs/apps/stable/external-service/security.md index 1c7d4ae6eff..382adfce433 100644 --- a/docs/apps/stable/external-service/security.md +++ b/docs/apps/stable/external-service/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:30:32.117Z INFO Detected config files: 1 +2021-12-04T19:30:32.117Z INFO Detected config files: 1 #### external-service/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -21,4 +21,3 @@ ##### Scan Results - diff --git a/docs/apps/stable/filezilla/security.md b/docs/apps/stable/filezilla/security.md index b5d39052d4a..2e4f0f300e3 100644 --- a/docs/apps/stable/filezilla/security.md +++ b/docs/apps/stable/filezilla/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:30:40.280Z INFO Detected config files: 1 +2021-12-04T19:30:40.280Z INFO Detected config files: 1 #### filezilla/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:30:41.150Z INFO Detected OS: alpine -2021-12-04T19:30:41.150Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:30:41.158Z INFO Number of language-specific files: 0 +2021-12-04T19:30:41.150Z INFO Detected OS: alpine +2021-12-04T19:30:41.150Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:30:41.158Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,15 @@ **Container: tccr.io/truecharts/filezilla:version-3.51.0-r1@sha256:92421eae5b47e6e98d5157db3f6a453ab0d7733a693b5e8724edeef4090593eb** -2021-12-04T19:30:59.589Z INFO Number of language-specific files: 1 -2021-12-04T19:30:59.589Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:30:59.589Z INFO Number of language-specific files: 1 +2021-12-04T19:30:59.589Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/docs/apps/stable/fireflyiii/security.md b/docs/apps/stable/fireflyiii/security.md index d9b4ed71be3..9a53c87c0e6 100644 --- a/docs/apps/stable/fireflyiii/security.md +++ b/docs/apps/stable/fireflyiii/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:31:00.565Z INFO Detected config files: 2 +2021-12-04T19:31:00.565Z INFO Detected config files: 2 #### fireflyiii/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:01.710Z INFO Detected OS: alpine -2021-12-04T19:31:01.710Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:01.722Z INFO Number of language-specific files: 0 +2021-12-04T19:31:01.710Z INFO Detected OS: alpine +2021-12-04T19:31:01.710Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:01.722Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:02.756Z INFO Detected OS: debian -2021-12-04T19:31:02.756Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:02.820Z INFO Number of language-specific files: 2 -2021-12-04T19:31:02.821Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:02.821Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:02.756Z INFO Detected OS: debian +2021-12-04T19:31:02.756Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:02.820Z INFO Number of language-specific files: 2 +2021-12-04T19:31:02.821Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:02.821Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/fireflyiii-core:version-5.5.12@sha256:f6dddfae65571d7995d5b24bf28fdf453775b825c35cac0c48b8ce52449090cf** -2021-12-04T19:31:17.470Z INFO Detected OS: debian -2021-12-04T19:31:17.470Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:17.553Z INFO Number of language-specific files: 1 -2021-12-04T19:31:17.553Z INFO Detecting composer vulnerabilities... +2021-12-04T19:31:17.470Z INFO Detected OS: debian +2021-12-04T19:31:17.470Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:17.553Z INFO Number of language-specific files: 1 +2021-12-04T19:31:17.553Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/fireflyiii-core:version-5.5.12@sha256:f6dddfae65571d7995d5b24bf28fdf453775b825c35cac0c48b8ce52449090cf (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2021-26691 | CRITICAL | 2.4.38-3+deb10u4 | 2.4.38-3+deb10u5 |
Click to expand!http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
https://linux.oracle.com/cve/CVE-2021-26691.html
https://linux.oracle.com/errata/ELSA-2021-3816.html
https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -1064,7 +1064,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | doctrine/dbal | CVE-2021-43608 | CRITICAL | 3.1.0 | 3.0.99, 3.1.4 |
Click to expand!https://github.com/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
| @@ -1074,14 +1074,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:18.798Z INFO Detected OS: alpine -2021-12-04T19:31:18.798Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:18.805Z INFO Number of language-specific files: 0 +2021-12-04T19:31:18.798Z INFO Detected OS: alpine +2021-12-04T19:31:18.798Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:18.805Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1109,16 +1109,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:19.616Z INFO Detected OS: debian -2021-12-04T19:31:19.616Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:19.663Z INFO Number of language-specific files: 2 -2021-12-04T19:31:19.663Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:19.663Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:19.616Z INFO Detected OS: debian +2021-12-04T19:31:19.616Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:19.663Z INFO Number of language-specific files: 2 +2021-12-04T19:31:19.663Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:19.663Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1313,16 +1313,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/firefox-syncserver/security.md b/docs/apps/stable/firefox-syncserver/security.md index bc9ad837bb7..5f54b19343f 100644 --- a/docs/apps/stable/firefox-syncserver/security.md +++ b/docs/apps/stable/firefox-syncserver/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:31:23.724Z INFO Detected config files: 2 +2021-12-04T19:31:23.724Z INFO Detected config files: 2 #### firefox-syncserver/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:24.962Z INFO Detected OS: alpine -2021-12-04T19:31:24.963Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:24.969Z INFO Number of language-specific files: 0 +2021-12-04T19:31:24.962Z INFO Detected OS: alpine +2021-12-04T19:31:24.963Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:24.969Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:36.631Z INFO Detected OS: debian -2021-12-04T19:31:36.631Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:36.679Z INFO Number of language-specific files: 2 -2021-12-04T19:31:36.679Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:36.679Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:36.631Z INFO Detected OS: debian +2021-12-04T19:31:36.631Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:36.679Z INFO Number of language-specific files: 2 +2021-12-04T19:31:36.679Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:36.679Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/firefox-syncserver:v1.8.0@sha256:d0fbf65c8c7a99ad4ba7ffcfdad2e7b2555e0d829867c21cefc9314ace94f747** -2021-12-04T19:31:42.917Z INFO Detected OS: alpine -2021-12-04T19:31:42.917Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:42.933Z INFO Number of language-specific files: 1 -2021-12-04T19:31:42.933Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:31:42.959Z WARN This OS version is no longer supported by the distribution: alpine 3.10.4 -2021-12-04T19:31:42.959Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:31:42.917Z INFO Detected OS: alpine +2021-12-04T19:31:42.917Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:42.933Z INFO Number of language-specific files: 1 +2021-12-04T19:31:42.933Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:31:42.959Z WARN This OS version is no longer supported by the distribution: alpine 3.10.4 +2021-12-04T19:31:42.959Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/firefox-syncserver:v1.8.0@sha256:d0fbf65c8c7a99ad4ba7ffcfdad2e7b2555e0d829867c21cefc9314ace94f747 (alpine 3.10.4) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.4-r2 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -350,7 +350,7 @@ | ssl_client | CVE-2021-28831 | HIGH | 1.30.1-r3 | 1.30.1-r5 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Python | CVE-2021-3177 | CRITICAL | 2.7.18 | 3.6.13, 3.7.10, 3.8.8, 3.9.2 |
Click to expand!https://bugs.python.org/issue42938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
https://github.com/python/cpython/pull/24239
https://linux.oracle.com/cve/CVE-2021-3177.html
https://linux.oracle.com/errata/ELSA-2021-9130.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/
https://news.ycombinator.com/item?id=26185005
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
https://security.gentoo.org/glsa/202101-18
https://security.netapp.com/advisory/ntap-20210226-0003/
https://ubuntu.com/security/notices/USN-4754-1
https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)
https://ubuntu.com/security/notices/USN-4754-3
https://ubuntu.com/security/notices/USN-4754-4
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -388,14 +388,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:44.473Z INFO Detected OS: alpine -2021-12-04T19:31:44.473Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:44.481Z INFO Number of language-specific files: 0 +2021-12-04T19:31:44.473Z INFO Detected OS: alpine +2021-12-04T19:31:44.473Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:44.481Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -423,16 +423,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:31:45.692Z INFO Detected OS: debian -2021-12-04T19:31:45.692Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:31:45.738Z INFO Number of language-specific files: 2 -2021-12-04T19:31:45.738Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:31:45.739Z INFO Detecting jar vulnerabilities... +2021-12-04T19:31:45.692Z INFO Detected OS: debian +2021-12-04T19:31:45.692Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:31:45.738Z INFO Number of language-specific files: 2 +2021-12-04T19:31:45.738Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:31:45.739Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -627,16 +627,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/flaresolverr/security.md b/docs/apps/stable/flaresolverr/security.md index 9ba5041728c..e948bf0fc04 100644 --- a/docs/apps/stable/flaresolverr/security.md +++ b/docs/apps/stable/flaresolverr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:31:22.518Z INFO Detected config files: 1 +2021-12-04T19:31:22.518Z INFO Detected config files: 1 #### flaresolverr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:24.356Z INFO Detected OS: alpine -2021-12-04T19:31:24.356Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:24.362Z INFO Number of language-specific files: 0 +2021-12-04T19:31:24.356Z INFO Detected OS: alpine +2021-12-04T19:31:24.356Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:24.362Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/flaresolverr:v2.0.2@sha256:80ece1e679d8a569ed538a6b0a48449703723d4941ea851b3a1fedc20428ad4b** -2021-12-04T19:31:35.798Z INFO Detected OS: alpine -2021-12-04T19:31:35.798Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:35.817Z INFO Number of language-specific files: 1 -2021-12-04T19:31:35.817Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:31:35.798Z INFO Detected OS: alpine +2021-12-04T19:31:35.798Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:35.817Z INFO Number of language-specific files: 1 +2021-12-04T19:31:35.817Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/flaresolverr:v2.0.2@sha256:80ece1e679d8a569ed538a6b0a48449703723d4941ea851b3a1fedc20428ad4b (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -99,9 +99,8 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| - diff --git a/docs/apps/stable/flood/security.md b/docs/apps/stable/flood/security.md index 8ec466131ee..e25189a7ca3 100644 --- a/docs/apps/stable/flood/security.md +++ b/docs/apps/stable/flood/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:31:45.091Z INFO Detected config files: 1 +2021-12-04T19:31:45.091Z INFO Detected config files: 1 #### flood/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:31:46.819Z INFO Detected OS: alpine -2021-12-04T19:31:46.819Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:46.833Z INFO Number of language-specific files: 0 +2021-12-04T19:31:46.819Z INFO Detected OS: alpine +2021-12-04T19:31:46.819Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:46.833Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/flood:v4.7.0@sha256:6ad4f3eb39e6b04d1632dd0436031377eb35759e0edcd56a95e5dd8c58c09ed8** -2021-12-04T19:31:53.208Z INFO Detected OS: alpine -2021-12-04T19:31:53.208Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:31:53.213Z INFO Number of language-specific files: 1 -2021-12-04T19:31:53.213Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:31:53.208Z INFO Detected OS: alpine +2021-12-04T19:31:53.208Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:31:53.213Z INFO Number of language-specific files: 1 +2021-12-04T19:31:53.213Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/flood:v4.7.0@sha256:6ad4f3eb39e6b04d1632dd0436031377eb35759e0edcd56a95e5dd8c58c09ed8 (alpine 3.13.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,10 +96,9 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| - diff --git a/docs/apps/stable/focalboard/security.md b/docs/apps/stable/focalboard/security.md index 7f5ecc96c56..5ffc9d4748a 100644 --- a/docs/apps/stable/focalboard/security.md +++ b/docs/apps/stable/focalboard/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:09.126Z INFO Detected config files: 1 +2021-12-04T19:32:09.126Z INFO Detected config files: 1 #### focalboard/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:09.916Z INFO Detected OS: alpine -2021-12-04T19:32:09.916Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:09.923Z INFO Number of language-specific files: 0 +2021-12-04T19:32:09.916Z INFO Detected OS: alpine +2021-12-04T19:32:09.916Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:09.923Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/focalboard:v0.8.0@sha256:dfd035116b3f17dd01d82b13cf1823cb8fc2663a9bdc8defe6827481ea9a9c66** -2021-12-04T19:32:15.056Z INFO Detected OS: ubuntu -2021-12-04T19:32:15.056Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:32:15.057Z INFO Number of language-specific files: 1 -2021-12-04T19:32:15.057Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:32:15.056Z INFO Detected OS: ubuntu +2021-12-04T19:32:15.056Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:32:15.057Z INFO Number of language-specific files: 1 +2021-12-04T19:32:15.057Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/focalboard:v0.8.0@sha256:dfd035116b3f17dd01d82b13cf1823cb8fc2663a9bdc8defe6827481ea9a9c66 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -112,8 +112,7 @@ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/tidwall/gjson | CVE-2021-42836 | HIGH | v1.7.3 | v1.9.3 |
Click to expand!https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
https://github.com/tidwall/gjson/issues/236
https://github.com/tidwall/gjson/issues/237
https://nvd.nist.gov/vuln/detail/CVE-2021-42836
| - diff --git a/docs/apps/stable/fossil/security.md b/docs/apps/stable/fossil/security.md index 6a01bf651dc..08f134e7cbf 100644 --- a/docs/apps/stable/fossil/security.md +++ b/docs/apps/stable/fossil/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:21.526Z INFO Detected config files: 1 +2021-12-04T19:32:21.526Z INFO Detected config files: 1 #### fossil/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:22.618Z INFO Detected OS: alpine -2021-12-04T19:32:22.618Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:22.622Z INFO Number of language-specific files: 0 +2021-12-04T19:32:22.618Z INFO Detected OS: alpine +2021-12-04T19:32:22.618Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:22.622Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/fossil:v2.15.1-ls4@sha256:5894297e0c90a431a7e93382054ac120e10860c132fce1ac35467c74c900e330** -2021-12-04T19:32:24.806Z INFO Number of language-specific files: 0 +2021-12-04T19:32:24.806Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/freeradius/security.md b/docs/apps/stable/freeradius/security.md index b2b320a45fb..f1708b5f91a 100644 --- a/docs/apps/stable/freeradius/security.md +++ b/docs/apps/stable/freeradius/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:38.451Z INFO Detected config files: 1 +2021-12-04T19:32:38.451Z INFO Detected config files: 1 #### freeradius/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:39.248Z INFO Detected OS: alpine -2021-12-04T19:32:39.248Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:39.256Z INFO Number of language-specific files: 0 +2021-12-04T19:32:39.248Z INFO Detected OS: alpine +2021-12-04T19:32:39.248Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:39.256Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/freeradius:v3.0.23@sha256:21454da0a4f4950dd9b97e82de5b56556fdf2bf38f60ae427852b74a2622c972** -2021-12-04T19:32:43.657Z INFO Detected OS: ubuntu -2021-12-04T19:32:43.657Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:32:43.682Z INFO Number of language-specific files: 0 +2021-12-04T19:32:43.657Z INFO Detected OS: ubuntu +2021-12-04T19:32:43.657Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:32:43.682Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/freeradius:v3.0.23@sha256:21454da0a4f4950dd9b97e82de5b56556fdf2bf38f60ae427852b74a2622c972 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -213,4 +213,3 @@ | perl | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| | perl-modules-5.26 | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/docs/apps/stable/freshrss/security.md b/docs/apps/stable/freshrss/security.md index ce28ba3c5e3..c5e7596a8d7 100644 --- a/docs/apps/stable/freshrss/security.md +++ b/docs/apps/stable/freshrss/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:32:44.337Z INFO Detected config files: 1 +2021-12-04T19:32:44.337Z INFO Detected config files: 1 #### freshrss/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:32:45.022Z INFO Detected OS: alpine -2021-12-04T19:32:45.022Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:32:45.025Z INFO Number of language-specific files: 0 +2021-12-04T19:32:45.022Z INFO Detected OS: alpine +2021-12-04T19:32:45.022Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:32:45.025Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/freshrss:version-1.18.1@sha256:3fc8ef788681ba2c5026453131603fa4dda3b23f855ce2a6c467004eb38a09ec** -2021-12-04T19:32:49.565Z INFO Number of language-specific files: 0 +2021-12-04T19:32:49.565Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/gaps/security.md b/docs/apps/stable/gaps/security.md index a9fdea170fd..d0d185f913c 100644 --- a/docs/apps/stable/gaps/security.md +++ b/docs/apps/stable/gaps/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:33:01.952Z INFO Detected config files: 1 +2021-12-04T19:33:01.952Z INFO Detected config files: 1 #### gaps/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:02.815Z INFO Detected OS: alpine -2021-12-04T19:33:02.815Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:02.822Z INFO Number of language-specific files: 0 +2021-12-04T19:33:02.815Z INFO Detected OS: alpine +2021-12-04T19:33:02.815Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:02.822Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/gaps:v0.8.8@sha256:7f7d33e4279f55bfaf5ea1a7e071b4266794052eddaba2294ab29be45a2133bf** -2021-12-04T19:33:17.654Z INFO Detected OS: ubuntu -2021-12-04T19:33:17.654Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:33:17.657Z INFO Number of language-specific files: 1 -2021-12-04T19:33:17.657Z INFO Detecting jar vulnerabilities... +2021-12-04T19:33:17.654Z INFO Detected OS: ubuntu +2021-12-04T19:33:17.654Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:33:17.657Z INFO Number of language-specific files: 1 +2021-12-04T19:33:17.657Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/gaps:v0.8.8@sha256:7f7d33e4279f55bfaf5ea1a7e071b4266794052eddaba2294ab29be45a2133bf (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -200,7 +200,7 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-7 | 1.30+dfsg-7ubuntu0.20.04.1 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-17527 | HIGH | 9.0.39 | 8.5.60, 9.0.40, 10.0.2 |
Click to expand!http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527
https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2020-17527
https://security.gentoo.org/glsa/202012-23
https://security.netapp.com/advisory/ntap-20201210-0003/
https://www.debian.org/security/2021/dsa-4835
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
| @@ -215,4 +215,3 @@ | org.springframework.security:spring-security-core | CVE-2021-22119 | HIGH | 5.4.1 | 5.2.11.RELEASE, 5.3.10.RELEASE, 5.4.7, 5.5.1 |
Click to expand!https://github.com/advisories/GHSA-w9jg-gvgr-354m
https://github.com/spring-projects/spring-security/pull/9513
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22119
https://tanzu.vmware.com/security/cve-2021-22119
| | org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 5.4.1 | 5.3.8, 5.4.4, 5.2.9 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/7
https://github.com/advisories/GHSA-gq28-h5vg-8prx
https://github.com/spring-projects/spring-security/releases/tag/5.4.4
https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-22112
https://tanzu.vmware.com/security/cve-2021-22112
https://www.jenkins.io/security/advisory/2021-02-19/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.thymeleaf:thymeleaf-spring5 | CVE-2021-43466 | CRITICAL | 3.0.11.RELEASE | |
Click to expand!https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html
https://github.com/advisories/GHSA-qcj6-jqrg-4wp2
https://nvd.nist.gov/vuln/detail/CVE-2021-43466
| - diff --git a/docs/apps/stable/gitea/security.md b/docs/apps/stable/gitea/security.md index 2d98f2f438b..9acc6072077 100644 --- a/docs/apps/stable/gitea/security.md +++ b/docs/apps/stable/gitea/security.md @@ -4,30 +4,30 @@ ##### Scan Results -2021-12-04T19:33:29.384Z INFO Detected config files: 3 +2021-12-04T19:33:29.384Z INFO Detected config files: 3 #### gitea/charts/memcached/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -47,14 +47,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:30.767Z INFO Detected OS: alpine -2021-12-04T19:33:30.767Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:30.777Z INFO Number of language-specific files: 0 +2021-12-04T19:33:30.767Z INFO Detected OS: alpine +2021-12-04T19:33:30.767Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:30.777Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -82,16 +82,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:33:31.564Z INFO Detected OS: debian -2021-12-04T19:33:31.564Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:33:31.601Z INFO Number of language-specific files: 2 -2021-12-04T19:33:31.601Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:33:31.602Z INFO Detecting jar vulnerabilities... +2021-12-04T19:33:31.564Z INFO Detected OS: debian +2021-12-04T19:33:31.564Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:33:31.601Z INFO Number of language-specific files: 2 +2021-12-04T19:33:31.601Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:31.602Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -286,18 +286,18 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: 'tccr.io/truecharts/gitea:v1.15.7-rootless'** @@ -307,44 +307,44 @@ **Container: tccr.io/truecharts/gitea:v1.15.7-rootless** -2021-12-04T19:33:37.721Z INFO Detected OS: alpine -2021-12-04T19:33:37.721Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:37.723Z INFO Number of language-specific files: 2 -2021-12-04T19:33:37.723Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:37.721Z INFO Detected OS: alpine +2021-12-04T19:33:37.721Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:37.723Z INFO Number of language-specific files: 2 +2021-12-04T19:33:37.723Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/gitea:v1.15.7-rootless (alpine 3.13.7) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:42.749Z INFO Detected OS: alpine -2021-12-04T19:33:42.749Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:42.755Z INFO Number of language-specific files: 0 +2021-12-04T19:33:42.749Z INFO Detected OS: alpine +2021-12-04T19:33:42.749Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:42.755Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -372,15 +372,15 @@ **Container: tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569** -2021-12-04T19:33:45.053Z INFO Detected OS: debian -2021-12-04T19:33:45.053Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:33:45.090Z INFO Number of language-specific files: 1 -2021-12-04T19:33:45.090Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:45.053Z INFO Detected OS: debian +2021-12-04T19:33:45.053Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:33:45.090Z INFO Number of language-specific files: 1 +2021-12-04T19:33:45.090Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -527,22 +527,22 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:46.801Z INFO Detected OS: alpine -2021-12-04T19:33:46.801Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:46.808Z INFO Number of language-specific files: 0 +2021-12-04T19:33:46.801Z INFO Detected OS: alpine +2021-12-04T19:33:46.801Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:46.808Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -570,16 +570,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:33:51.118Z INFO Detected OS: debian -2021-12-04T19:33:51.118Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:33:51.184Z INFO Number of language-specific files: 2 -2021-12-04T19:33:51.184Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:33:51.184Z INFO Detecting jar vulnerabilities... +2021-12-04T19:33:51.118Z INFO Detected OS: debian +2021-12-04T19:33:51.118Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:33:51.184Z INFO Number of language-specific files: 2 +2021-12-04T19:33:51.184Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:51.184Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -774,16 +774,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/golinks/security.md b/docs/apps/stable/golinks/security.md index 2064272d9bf..10cab117f33 100644 --- a/docs/apps/stable/golinks/security.md +++ b/docs/apps/stable/golinks/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:33:32.350Z INFO Detected config files: 1 +2021-12-04T19:33:32.350Z INFO Detected config files: 1 #### golinks/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:33.151Z INFO Detected OS: alpine -2021-12-04T19:33:33.151Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:33.155Z INFO Number of language-specific files: 0 +2021-12-04T19:33:33.151Z INFO Detected OS: alpine +2021-12-04T19:33:33.151Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:33.155Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/golinks:version-154c581@sha256:144d59d23c3b6580403e1a06b3567ac97c638205bc139ba54e058450d6564c73** -2021-12-04T19:33:41.563Z INFO Number of language-specific files: 1 -2021-12-04T19:33:41.563Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:41.563Z INFO Number of language-specific files: 1 +2021-12-04T19:33:41.563Z INFO Detecting gobinary vulnerabilities... #### app/golinks - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/gonic/security.md b/docs/apps/stable/gonic/security.md index 059d1ddd290..5d4da517293 100644 --- a/docs/apps/stable/gonic/security.md +++ b/docs/apps/stable/gonic/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:33:43.527Z INFO Detected config files: 1 +2021-12-04T19:33:43.527Z INFO Detected config files: 1 #### gonic/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:33:46.150Z INFO Detected OS: alpine -2021-12-04T19:33:46.150Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:46.159Z INFO Number of language-specific files: 0 +2021-12-04T19:33:46.150Z INFO Detected OS: alpine +2021-12-04T19:33:46.150Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:46.159Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/gonic:v0.14.0@sha256:d0316271fcec20816f5f3f5e8ca470426e551f2f6de83845d474a2a7827a6f34** -2021-12-04T19:33:50.499Z INFO Detected OS: alpine -2021-12-04T19:33:50.499Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:33:50.517Z INFO Number of language-specific files: 1 -2021-12-04T19:33:50.517Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:33:50.499Z INFO Detected OS: alpine +2021-12-04T19:33:50.499Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:33:50.517Z INFO Number of language-specific files: 1 +2021-12-04T19:33:50.517Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/gonic:v0.14.0@sha256:d0316271fcec20816f5f3f5e8ca470426e551f2f6de83845d474a2a7827a6f34 (alpine 3.13.5) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.12.5-r0 | 2.12.6-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -125,9 +125,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/gotify/security.md b/docs/apps/stable/gotify/security.md index 48b688567c7..9f221f30be9 100644 --- a/docs/apps/stable/gotify/security.md +++ b/docs/apps/stable/gotify/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:34:01.312Z INFO Detected config files: 2 +2021-12-04T19:34:01.312Z INFO Detected config files: 2 #### gotify/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:02.142Z INFO Detected OS: alpine -2021-12-04T19:34:02.142Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:02.148Z INFO Number of language-specific files: 0 +2021-12-04T19:34:02.142Z INFO Detected OS: alpine +2021-12-04T19:34:02.142Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:02.148Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:34:02.981Z INFO Detected OS: debian -2021-12-04T19:34:02.981Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:03.026Z INFO Number of language-specific files: 2 -2021-12-04T19:34:03.026Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:34:03.026Z INFO Detecting jar vulnerabilities... +2021-12-04T19:34:02.981Z INFO Detected OS: debian +2021-12-04T19:34:02.981Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:03.026Z INFO Number of language-specific files: 2 +2021-12-04T19:34:03.026Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:03.026Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/gotify-server:v2.1.0@sha256:a2edccce285e1303ce7d3be3f2cb001d40aaa24182581f772ce23c1e8d1b7d20** -2021-12-04T19:34:07.744Z INFO Detected OS: debian -2021-12-04T19:34:07.744Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:07.791Z INFO Number of language-specific files: 1 -2021-12-04T19:34:07.792Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:07.744Z INFO Detected OS: debian +2021-12-04T19:34:07.744Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:07.791Z INFO Number of language-specific files: 1 +2021-12-04T19:34:07.792Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/gotify-server:v2.1.0@sha256:a2edccce285e1303ce7d3be3f2cb001d40aaa24182581f772ce23c1e8d1b7d20 (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -392,22 +392,22 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:09.100Z INFO Detected OS: alpine -2021-12-04T19:34:09.100Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:09.111Z INFO Number of language-specific files: 0 +2021-12-04T19:34:09.100Z INFO Detected OS: alpine +2021-12-04T19:34:09.100Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:09.111Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -435,16 +435,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:34:09.900Z INFO Detected OS: debian -2021-12-04T19:34:09.900Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:09.954Z INFO Number of language-specific files: 2 -2021-12-04T19:34:09.954Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:34:09.954Z INFO Detecting jar vulnerabilities... +2021-12-04T19:34:09.900Z INFO Detected OS: debian +2021-12-04T19:34:09.900Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:09.954Z INFO Number of language-specific files: 2 +2021-12-04T19:34:09.954Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:09.954Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -639,16 +639,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/grafana/security.md b/docs/apps/stable/grafana/security.md index 904065ba2f1..49b5d5a376c 100644 --- a/docs/apps/stable/grafana/security.md +++ b/docs/apps/stable/grafana/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:34:25.747Z INFO Detected config files: 1 +2021-12-04T19:34:25.747Z INFO Detected config files: 1 #### grafana/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:26.541Z INFO Detected OS: alpine -2021-12-04T19:34:26.541Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:26.546Z INFO Number of language-specific files: 0 +2021-12-04T19:34:26.541Z INFO Detected OS: alpine +2021-12-04T19:34:26.541Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:26.546Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/grafana:v8.3.0@sha256:d0e471cc547dae02bcd7ae1355ad98b280ea11a1b3bd902217662670c4c2d4fe** -2021-12-04T19:34:35.709Z INFO Detected OS: debian -2021-12-04T19:34:35.709Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:34:35.739Z INFO Number of language-specific files: 3 -2021-12-04T19:34:35.739Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:34:35.709Z INFO Detected OS: debian +2021-12-04T19:34:35.709Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:34:35.739Z INFO Number of language-specific files: 3 +2021-12-04T19:34:35.739Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/grafana:v8.3.0@sha256:d0e471cc547dae02bcd7ae1355ad98b280ea11a1b3bd902217662670c4c2d4fe (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -220,22 +220,21 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/grafana/loki | CVE-2021-36156 | MEDIUM | v1.6.2-0.20211015002020-7832783b1caa | v2.3.0 |
Click to expand!https://github.com/grafana/loki/pull/4020#issue-694377133
https://github.com/grafana/loki/releases/tag/v2.3.0
https://nvd.nist.gov/vuln/detail/CVE-2021-36156
| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| - diff --git a/docs/apps/stable/grav/security.md b/docs/apps/stable/grav/security.md index 77382b3ae8c..51b586c839a 100644 --- a/docs/apps/stable/grav/security.md +++ b/docs/apps/stable/grav/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:34:38.787Z INFO Detected config files: 1 +2021-12-04T19:34:38.787Z INFO Detected config files: 1 #### grav/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:39.547Z INFO Detected OS: alpine -2021-12-04T19:34:39.547Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:39.554Z INFO Number of language-specific files: 0 +2021-12-04T19:34:39.547Z INFO Detected OS: alpine +2021-12-04T19:34:39.547Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:39.554Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,51 +61,48 @@ **Container: tccr.io/truecharts/grav:version-1.7.18@sha256:709e672ef2cbe1235d896ed9bac213d773abfe70b37925f5870a8a925a047e16** -2021-12-04T19:34:47.108Z INFO Number of language-specific files: 6 -2021-12-04T19:34:47.108Z INFO Detecting composer vulnerabilities... -2021-12-04T19:34:47.112Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:34:47.108Z INFO Number of language-specific files: 6 +2021-12-04T19:34:47.108Z INFO Detecting composer vulnerabilities... +2021-12-04T19:34:47.112Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/grocy/security.md b/docs/apps/stable/grocy/security.md index 5ae7bd7044e..fe74f6ebabe 100644 --- a/docs/apps/stable/grocy/security.md +++ b/docs/apps/stable/grocy/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:34:49.810Z INFO Detected config files: 1 +2021-12-04T19:34:49.810Z INFO Detected config files: 1 #### grocy/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:34:50.709Z INFO Detected OS: alpine -2021-12-04T19:34:50.709Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:34:50.716Z INFO Number of language-specific files: 0 +2021-12-04T19:34:50.709Z INFO Detected OS: alpine +2021-12-04T19:34:50.709Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:34:50.716Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/grocy:version-v3.1.1@sha256:5c036b40671fcddb2a53edceacb1dc2d03df2b2bf1c0b97e5d820c0b84d6faab** -2021-12-04T19:35:01.113Z INFO Number of language-specific files: 2 -2021-12-04T19:35:01.113Z INFO Detecting composer vulnerabilities... -2021-12-04T19:35:01.116Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:35:01.113Z INFO Number of language-specific files: 2 +2021-12-04T19:35:01.113Z INFO Detecting composer vulnerabilities... +2021-12-04T19:35:01.116Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bootbox | GHSA-87mg-h5r3-hw88 | MEDIUM | 5.5.2 | |
Click to expand!https://github.com/advisories/GHSA-87mg-h5r3-hw88
https://github.com/makeusabrew/bootbox/issues/661
https://hackerone.com/reports/508446
https://www.npmjs.com/advisories/882
| @@ -85,9 +85,6 @@ | moment | CVE-2017-18214 | HIGH | 2.18.1 | 2.19.3 |
Click to expand!https://github.com/advisories/GHSA-446m-mv8f-q348
https://github.com/moment/moment/issues/4163
https://github.com/moment/moment/pull/4326
https://nodesecurity.io/advisories/532
https://nvd.nist.gov/vuln/detail/CVE-2017-18214
https://www.npmjs.com/advisories/532
https://www.tenable.com/security/tns-2019-02
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/handbrake/security.md b/docs/apps/stable/handbrake/security.md index 701d95004a9..c4976d11373 100644 --- a/docs/apps/stable/handbrake/security.md +++ b/docs/apps/stable/handbrake/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:04.912Z INFO Detected config files: 1 +2021-12-04T19:35:04.912Z INFO Detected config files: 1 #### handbrake/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:05.893Z INFO Detected OS: alpine -2021-12-04T19:35:05.893Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:05.898Z INFO Number of language-specific files: 0 +2021-12-04T19:35:05.893Z INFO Detected OS: alpine +2021-12-04T19:35:05.893Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:05.898Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/handbrake:v1.24.2@sha256:312ddf5ec046fd0ca3f84015b55c8b4cbe1d6e8340ffcaf244489592a3fc92da** -2021-12-04T19:35:16.598Z INFO Detected OS: alpine -2021-12-04T19:35:16.598Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:16.609Z INFO Number of language-specific files: 0 +2021-12-04T19:35:16.598Z INFO Detected OS: alpine +2021-12-04T19:35:16.598Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:16.609Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/handbrake:v1.24.2@sha256:312ddf5ec046fd0ca3f84015b55c8b4cbe1d6e8340ffcaf244489592a3fc92da (alpine 3.12.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -103,4 +103,3 @@ | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | xvfb | CVE-2021-3472 | HIGH | 1.20.10-r0 | 1.20.10-r1 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1944167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
https://linux.oracle.com/cve/CVE-2021-3472.html
https://linux.oracle.com/errata/ELSA-2021-2033.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
https://lists.x.org/archives/xorg-announce/2021-April/003080.html
https://seclists.org/oss-sec/2021/q2/20
https://security.gentoo.org/glsa/202104-02
https://ubuntu.com/security/notices/USN-4905-1
https://ubuntu.com/security/notices/USN-4905-2
https://www.debian.org/security/2021/dsa-4893
https://www.tenable.com/plugins/nessus/148701
https://www.zerodayinitiative.com/advisories/ZDI-21-463/
| - diff --git a/docs/apps/stable/haste-server/security.md b/docs/apps/stable/haste-server/security.md index 85f92f4d724..47255257ff4 100644 --- a/docs/apps/stable/haste-server/security.md +++ b/docs/apps/stable/haste-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:26.603Z INFO Detected config files: 1 +2021-12-04T19:35:26.603Z INFO Detected config files: 1 #### haste-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:27.411Z INFO Detected OS: alpine -2021-12-04T19:35:27.411Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:27.417Z INFO Number of language-specific files: 0 +2021-12-04T19:35:27.411Z INFO Detected OS: alpine +2021-12-04T19:35:27.411Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:27.417Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/haste-server:latest@sha256:046b4d04aa5c23a7a4de10b678aad8f62932e2ae04b2db123107e753b7929f86** -2021-12-04T19:35:39.144Z INFO Detected OS: ubuntu -2021-12-04T19:35:39.144Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:35:39.146Z INFO Number of language-specific files: 2 -2021-12-04T19:35:39.146Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:35:39.147Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:35:39.144Z INFO Detected OS: ubuntu +2021-12-04T19:35:39.144Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:35:39.146Z INFO Number of language-specific files: 2 +2021-12-04T19:35:39.146Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:35:39.147Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/haste-server:latest@sha256:046b4d04aa5c23a7a4de10b678aad8f62932e2ae04b2db123107e753b7929f86 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -160,7 +160,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -171,8 +171,7 @@ | y18n | CVE-2020-7774 | HIGH | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 |
Click to expand!https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/headphones/security.md b/docs/apps/stable/headphones/security.md index b5aa281ce01..bea3b5b8a34 100644 --- a/docs/apps/stable/headphones/security.md +++ b/docs/apps/stable/headphones/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:39.947Z INFO Detected config files: 1 +2021-12-04T19:35:39.947Z INFO Detected config files: 1 #### headphones/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:41.595Z INFO Detected OS: alpine -2021-12-04T19:35:41.595Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:41.601Z INFO Number of language-specific files: 0 +2021-12-04T19:35:41.595Z INFO Detected OS: alpine +2021-12-04T19:35:41.595Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:41.601Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/headphones:version-58edc604@sha256:f605d077d6d6023e3326421ce02eb81bd962163b68569f8e3953cb5ac2898344** -2021-12-04T19:35:49.088Z INFO Number of language-specific files: 1 -2021-12-04T19:35:49.089Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:35:49.088Z INFO Number of language-specific files: 1 +2021-12-04T19:35:49.089Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -99,4 +99,3 @@ | pip | CVE-2021-28363 | MEDIUM | 20.3.4 | 21.1 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| | pip | CVE-2021-3572 | MEDIUM | 20.3.4 | 21.1 |
Click to expand!https://access.redhat.com/errata/RHSA-2021:3254
https://bugzilla.redhat.com/show_bug.cgi?id=1962856
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
https://github.com/pypa/pip/pull/9827
https://linux.oracle.com/cve/CVE-2021-3572.html
https://linux.oracle.com/errata/ELSA-2021-4455.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3572
https://packetstormsecurity.com/files/162712/USN-4961-1.txt
| | pip | pyup.io-42218 | UNKNOWN | 20.3.4 | 21.1 |
Click to expand!
| - diff --git a/docs/apps/stable/healthchecks/security.md b/docs/apps/stable/healthchecks/security.md index 2a9d0d3a1f9..16e7b1d8c3f 100644 --- a/docs/apps/stable/healthchecks/security.md +++ b/docs/apps/stable/healthchecks/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:35:52.767Z INFO Detected config files: 1 +2021-12-04T19:35:52.767Z INFO Detected config files: 1 #### healthchecks/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:35:53.674Z INFO Detected OS: alpine -2021-12-04T19:35:53.674Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:35:53.681Z INFO Number of language-specific files: 0 +2021-12-04T19:35:53.674Z INFO Detected OS: alpine +2021-12-04T19:35:53.674Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:35:53.681Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/healthchecks:version-v1.22.0@sha256:234347d239410227e8d4585c467293f7bb59859f2042bad885633c1ff30c98f2** -2021-12-04T19:36:00.327Z INFO Number of language-specific files: 1 -2021-12-04T19:36:00.327Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:36:00.327Z INFO Number of language-specific files: 1 +2021-12-04T19:36:00.327Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/heimdall/security.md b/docs/apps/stable/heimdall/security.md index 60676e27e13..37f027ae66e 100644 --- a/docs/apps/stable/heimdall/security.md +++ b/docs/apps/stable/heimdall/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:36:06.648Z INFO Detected config files: 1 +2021-12-04T19:36:06.648Z INFO Detected config files: 1 #### heimdall/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:07.477Z INFO Detected OS: alpine -2021-12-04T19:36:07.477Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:07.489Z INFO Number of language-specific files: 0 +2021-12-04T19:36:07.477Z INFO Detected OS: alpine +2021-12-04T19:36:07.477Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:07.489Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/heimdall:version-2.2.2@sha256:eedb3180caf7388b206238120405d53baf9783692b14766ffed7bb388fadd6ce** -2021-12-04T19:36:10.412Z INFO Number of language-specific files: 0 +2021-12-04T19:36:10.412Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/home-assistant/security.md b/docs/apps/stable/home-assistant/security.md index e77b6741509..014e4384ddb 100644 --- a/docs/apps/stable/home-assistant/security.md +++ b/docs/apps/stable/home-assistant/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:36:37.444Z INFO Detected config files: 2 +2021-12-04T19:36:37.444Z INFO Detected config files: 2 #### home-assistant/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -37,14 +37,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:39.008Z INFO Detected OS: alpine -2021-12-04T19:36:39.008Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:39.016Z INFO Number of language-specific files: 0 +2021-12-04T19:36:39.008Z INFO Detected OS: alpine +2021-12-04T19:36:39.008Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:39.016Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -72,16 +72,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:36:46.742Z INFO Detected OS: debian -2021-12-04T19:36:46.742Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:36:46.796Z INFO Number of language-specific files: 2 -2021-12-04T19:36:46.796Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:36:46.796Z INFO Detecting jar vulnerabilities... +2021-12-04T19:36:46.742Z INFO Detected OS: debian +2021-12-04T19:36:46.742Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:36:46.796Z INFO Number of language-specific files: 2 +2021-12-04T19:36:46.796Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:36:46.796Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -276,35 +276,35 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: 'tccr.io/truecharts/home-assistant:v2021.11.5@sha256:f4a4f4c85e51e6c08b36329110c95be441f53ac998bc51bc16f5b26290f7f9ef'** **Container: tccr.io/truecharts/home-assistant:v2021.11.5@sha256:f4a4f4c85e51e6c08b36329110c95be441f53ac998bc51bc16f5b26290f7f9ef** -2021-12-04T19:37:29.991Z INFO Detected OS: alpine -2021-12-04T19:37:29.991Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:29.996Z INFO Number of language-specific files: 2 -2021-12-04T19:37:29.996Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:37:29.997Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:37:29.997Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 +2021-12-04T19:37:29.991Z INFO Detected OS: alpine +2021-12-04T19:37:29.991Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:29.996Z INFO Number of language-specific files: 2 +2021-12-04T19:37:29.996Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:37:29.997Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:37:29.997Z WARN version error (3.7.4.post0): malformed version: 3.7.4.post0 #### tccr.io/truecharts/home-assistant:v2021.11.5@sha256:f4a4f4c85e51e6c08b36329110c95be441f53ac998bc51bc16f5b26290f7f9ef (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -366,7 +366,7 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-34552 | CRITICAL | 8.2.0 | 8.3.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
https://github.com/advisories/GHSA-7534-mm45-c74v
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
https://nvd.nist.gov/vuln/detail/CVE-2021-34552
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
| @@ -381,22 +381,22 @@ | sendgrid | CVE-2021-43572 | CRITICAL | 6.8.2 | 6.9.1 |
Click to expand!https://github.com/advisories/GHSA-92vm-mxjf-jqf3
https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
https://nvd.nist.gov/vuln/detail/CVE-2021-43572
https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:32.610Z INFO Detected OS: alpine -2021-12-04T19:37:32.610Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:32.615Z INFO Number of language-specific files: 0 +2021-12-04T19:37:32.610Z INFO Detected OS: alpine +2021-12-04T19:37:32.610Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:32.615Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -424,16 +424,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:37:42.139Z INFO Detected OS: debian -2021-12-04T19:37:42.139Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:37:42.172Z INFO Number of language-specific files: 2 -2021-12-04T19:37:42.172Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:37:42.172Z INFO Detecting jar vulnerabilities... +2021-12-04T19:37:42.139Z INFO Detected OS: debian +2021-12-04T19:37:42.139Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:37:42.172Z INFO Number of language-specific files: 2 +2021-12-04T19:37:42.172Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:37:42.172Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -628,16 +628,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/hyperion-ng/security.md b/docs/apps/stable/hyperion-ng/security.md index e7ddbe483eb..0b5e8ef6ef2 100644 --- a/docs/apps/stable/hyperion-ng/security.md +++ b/docs/apps/stable/hyperion-ng/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:36:36.480Z INFO Detected config files: 1 +2021-12-04T19:36:36.480Z INFO Detected config files: 1 #### hyperion-ng/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:38.433Z INFO Detected OS: alpine -2021-12-04T19:36:38.433Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:38.440Z INFO Number of language-specific files: 0 +2021-12-04T19:36:38.433Z INFO Detected OS: alpine +2021-12-04T19:36:38.433Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:38.440Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/hyperion.ng:v2.0.12@sha256:630cc8613290119f0d452b600418f2a3f4e78b73923ca47502989c4fc9bb394a** -2021-12-04T19:36:45.512Z INFO Detected OS: debian -2021-12-04T19:36:45.512Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:36:45.547Z INFO Number of language-specific files: 0 +2021-12-04T19:36:45.512Z INFO Detected OS: debian +2021-12-04T19:36:45.512Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:36:45.547Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/hyperion.ng:v2.0.12@sha256:630cc8613290119f0d452b600418f2a3f4e78b73923ca47502989c4fc9bb394a (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -342,4 +342,3 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/docs/apps/stable/icantbelieveitsnotvaletudo/security.md b/docs/apps/stable/icantbelieveitsnotvaletudo/security.md index 84c84d85c41..f733fc38034 100644 --- a/docs/apps/stable/icantbelieveitsnotvaletudo/security.md +++ b/docs/apps/stable/icantbelieveitsnotvaletudo/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:36:46.058Z INFO Detected config files: 1 +2021-12-04T19:36:46.058Z INFO Detected config files: 1 #### icantbelieveitsnotvaletudo/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:36:48.212Z INFO Detected OS: alpine -2021-12-04T19:36:48.212Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:36:48.223Z INFO Number of language-specific files: 0 +2021-12-04T19:36:48.212Z INFO Detected OS: alpine +2021-12-04T19:36:48.212Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:36:48.223Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/icantbelieveitsnotvaletudo:v2021.2.1@sha256:12546c37abe795970d27fda99f78fd45cd25522b11b4c6db6ce98d7484c68883** -2021-12-04T19:36:54.169Z INFO Detected OS: debian -2021-12-04T19:36:54.169Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:36:54.176Z INFO Number of language-specific files: 1 -2021-12-04T19:36:54.176Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:36:54.169Z INFO Detected OS: debian +2021-12-04T19:36:54.169Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:36:54.176Z INFO Number of language-specific files: 1 +2021-12-04T19:36:54.176Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/icantbelieveitsnotvaletudo:v2021.2.1@sha256:12546c37abe795970d27fda99f78fd45cd25522b11b4c6db6ce98d7484c68883 (debian 9.13) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.4.11 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -264,7 +264,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.29.2-1+deb9u1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -281,4 +281,3 @@ | tar | CVE-2021-37713 | HIGH | 4.4.13 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | ws | CVE-2021-32640 | MEDIUM | 7.4.3 | 5.2.3, 6.2.2, 7.4.6 |
Click to expand!https://github.com/advisories/GHSA-6fc8-4gx4-v693
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/issues/1895
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-32640
| | y18n | CVE-2020-7774 | HIGH | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 |
Click to expand!https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| - diff --git a/docs/apps/stable/jackett/CHANGELOG.md b/docs/apps/stable/jackett/CHANGELOG.md index 18e92ec017c..766549af199 100644 --- a/docs/apps/stable/jackett/CHANGELOG.md +++ b/docs/apps/stable/jackett/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [jackett-9.0.31](https://github.com/truecharts/apps/compare/jackett-9.0.30...jackett-9.0.31) (2021-12-04) + +#### Chore + +* improve a bit on security docs generation + + + ### [jackett-9.0.30](https://github.com/truecharts/apps/compare/jackett-9.0.28...jackett-9.0.30) (2021-12-04) diff --git a/docs/apps/stable/jackett/security.md b/docs/apps/stable/jackett/security.md index b5dcbf715c0..a8a542a92e7 100644 --- a/docs/apps/stable/jackett/security.md +++ b/docs/apps/stable/jackett/security.md @@ -4,16 +4,6 @@ ##### Scan Results -2021-12-04T19:37:30.988Z INFO Detected config files: 1 -#### jackett/templates/common.yaml - -**kubernetes** - - -| No Vulnerabilities found | -|:---------------------------------| - - ## Containers @@ -26,14 +16,12 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:38.854Z INFO Detected OS: alpine -2021-12-04T19:37:38.854Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:38.864Z INFO Number of language-specific files: 0 -#### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - +#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) + + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +49,12 @@ **Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** -2021-12-04T19:37:43.399Z INFO Detected OS: ubuntu -2021-12-04T19:37:43.399Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:37:43.405Z INFO Number of language-specific files: 1 -2021-12-04T19:37:43.405Z INFO Detecting gobinary vulnerabilities... -#### tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) - +#### Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) + + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -148,10 +133,10 @@ | python3.8-minimal | CVE-2021-29921 | MEDIUM | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 |
Click to expand!https://bugs.python.org/issue36384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
https://docs.python.org/3/library/ipaddress.html
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
https://github.com/python/cpython/pull/12577
https://github.com/python/cpython/pull/25099
https://github.com/sickcodes
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://security.netapp.com/advisory/ntap-20210622-0003/
https://sick.codes/sick-2021-014
https://ubuntu.com/security/notices/USN-4973-1
https://ubuntu.com/security/notices/USN-4973-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | python3.8-minimal | CVE-2021-3737 | MEDIUM | 3.8.10-0ubuntu1~20.04 | |
Click to expand!https://bugs.python.org/issue44022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://ubuntu.com/security/notices/USN-5083-1
| | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/jdownloader2/security.md b/docs/apps/stable/jdownloader2/security.md index 46f3d833c16..ae39ee0d19f 100644 --- a/docs/apps/stable/jdownloader2/security.md +++ b/docs/apps/stable/jdownloader2/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:37:30.386Z INFO Detected config files: 1 +2021-12-04T19:37:30.386Z INFO Detected config files: 1 #### jdownloader2/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:32.014Z INFO Detected OS: alpine -2021-12-04T19:37:32.014Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:32.018Z INFO Number of language-specific files: 0 +2021-12-04T19:37:32.014Z INFO Detected OS: alpine +2021-12-04T19:37:32.014Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:32.018Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/jdownloader-2:v1.7.1@sha256:f5c7103d8870367cae893099a9a26929860ca5a13ebc7a1e4e335f1f296c40dd** -2021-12-04T19:37:37.973Z INFO Detected OS: alpine -2021-12-04T19:37:37.973Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:37.980Z INFO Number of language-specific files: 0 +2021-12-04T19:37:37.973Z INFO Detected OS: alpine +2021-12-04T19:37:37.973Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:37.980Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/jdownloader-2:v1.7.1@sha256:f5c7103d8870367cae893099a9a26929860ca5a13ebc7a1e4e335f1f296c40dd (alpine 3.12.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -115,4 +115,3 @@ | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | xvfb | CVE-2021-3472 | HIGH | 1.20.10-r0 | 1.20.10-r1 |
Click to expand!http://www.openwall.com/lists/oss-security/2021/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1944167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
https://linux.oracle.com/cve/CVE-2021-3472.html
https://linux.oracle.com/errata/ELSA-2021-2033.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
https://lists.x.org/archives/xorg-announce/2021-April/003080.html
https://seclists.org/oss-sec/2021/q2/20
https://security.gentoo.org/glsa/202104-02
https://ubuntu.com/security/notices/USN-4905-1
https://ubuntu.com/security/notices/USN-4905-2
https://www.debian.org/security/2021/dsa-4893
https://www.tenable.com/plugins/nessus/148701
https://www.zerodayinitiative.com/advisories/ZDI-21-463/
| - diff --git a/docs/apps/stable/jellyfin/security.md b/docs/apps/stable/jellyfin/security.md index 2478ebd5114..de3604edb86 100644 --- a/docs/apps/stable/jellyfin/security.md +++ b/docs/apps/stable/jellyfin/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:37:30.683Z INFO Detected config files: 1 +2021-12-04T19:37:30.683Z INFO Detected config files: 1 #### jellyfin/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:37:41.491Z INFO Detected OS: alpine -2021-12-04T19:37:41.491Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:37:41.501Z INFO Number of language-specific files: 0 +2021-12-04T19:37:41.491Z INFO Detected OS: alpine +2021-12-04T19:37:41.491Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:37:41.501Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/jellyfin:v10.7.7@sha256:20febcab671b5281c5ecf8b792860119c9bda4806815bc2764660173b1866924** -2021-12-04T19:38:05.263Z INFO Detected OS: debian -2021-12-04T19:38:05.263Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:38:05.305Z INFO Number of language-specific files: 0 +2021-12-04T19:38:05.263Z INFO Detected OS: debian +2021-12-04T19:38:05.263Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:38:05.305Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/jellyfin:v10.7.7@sha256:20febcab671b5281c5ecf8b792860119c9bda4806815bc2764660173b1866924 (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -238,4 +238,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/docs/apps/stable/joplin-server/security.md b/docs/apps/stable/joplin-server/security.md index ab6478dadf3..cc506e3ac8f 100644 --- a/docs/apps/stable/joplin-server/security.md +++ b/docs/apps/stable/joplin-server/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:38:29.736Z INFO Detected config files: 2 +2021-12-04T19:38:29.736Z INFO Detected config files: 2 #### joplin-server/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:38:34.351Z INFO Detected OS: alpine -2021-12-04T19:38:34.351Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:38:34.355Z INFO Number of language-specific files: 0 +2021-12-04T19:38:34.351Z INFO Detected OS: alpine +2021-12-04T19:38:34.351Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:38:34.355Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:38:36.186Z INFO Detected OS: debian -2021-12-04T19:38:36.186Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:38:36.230Z INFO Number of language-specific files: 2 -2021-12-04T19:38:36.230Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:38:36.230Z INFO Detecting jar vulnerabilities... +2021-12-04T19:38:36.186Z INFO Detected OS: debian +2021-12-04T19:38:36.186Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:38:36.230Z INFO Number of language-specific files: 2 +2021-12-04T19:38:36.230Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:38:36.230Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/joplin-server:v2.5.1@sha256:a285ff0cf05f534efd28c6652925b57a9774ba41923d15536b873fbbdbabcd2b** -2021-12-04T19:39:07.601Z INFO Detected OS: debian -2021-12-04T19:39:07.601Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:07.729Z INFO Number of language-specific files: 1 -2021-12-04T19:39:07.729Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:39:07.601Z INFO Detected OS: debian +2021-12-04T19:39:07.601Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:07.729Z INFO Number of language-specific files: 1 +2021-12-04T19:39:07.729Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/joplin-server:v2.5.1@sha256:a285ff0cf05f534efd28c6652925b57a9774ba41923d15536b873fbbdbabcd2b (debian 11.0) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1107,7 +1107,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.21-1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @npmcli/arborist | CVE-2021-39134 | HIGH | 2.4.2 | 2.8.2 |
Click to expand!https://github.com/advisories/GHSA-2h3h-q99f-3fhc
https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
https://www.npmjs.com/package/@npmcli/arborist
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -1216,14 +1216,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:12.195Z INFO Detected OS: alpine -2021-12-04T19:39:12.195Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:12.203Z INFO Number of language-specific files: 0 +2021-12-04T19:39:12.195Z INFO Detected OS: alpine +2021-12-04T19:39:12.195Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:12.203Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1251,16 +1251,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:39:14.433Z INFO Detected OS: debian -2021-12-04T19:39:14.433Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:14.465Z INFO Number of language-specific files: 2 -2021-12-04T19:39:14.465Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:39:14.465Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:14.433Z INFO Detected OS: debian +2021-12-04T19:39:14.433Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:14.465Z INFO Number of language-specific files: 2 +2021-12-04T19:39:14.465Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:39:14.465Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1455,16 +1455,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/kanboard/security.md b/docs/apps/stable/kanboard/security.md index 37da380a89e..4cba7f93268 100644 --- a/docs/apps/stable/kanboard/security.md +++ b/docs/apps/stable/kanboard/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:39:11.375Z INFO Detected config files: 2 +2021-12-04T19:39:11.375Z INFO Detected config files: 2 #### kanboard/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:13.809Z INFO Detected OS: alpine -2021-12-04T19:39:13.809Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:13.818Z INFO Number of language-specific files: 0 +2021-12-04T19:39:13.809Z INFO Detected OS: alpine +2021-12-04T19:39:13.809Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:13.818Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:39:27.869Z INFO Detected OS: debian -2021-12-04T19:39:27.869Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:27.908Z INFO Number of language-specific files: 2 -2021-12-04T19:39:27.908Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:39:27.908Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:27.869Z INFO Detected OS: debian +2021-12-04T19:39:27.869Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:27.908Z INFO Number of language-specific files: 2 +2021-12-04T19:39:27.908Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:39:27.908Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,29 +275,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/kanboard:v1.2.20@sha256:1f953b23bf30dbea50a0db78a838c811859d83ab79fe259a93e8fdfe113392f6** -2021-12-04T19:39:31.140Z INFO Detected OS: alpine -2021-12-04T19:39:31.140Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:31.184Z INFO Number of language-specific files: 0 +2021-12-04T19:39:31.140Z INFO Detected OS: alpine +2021-12-04T19:39:31.140Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:31.184Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/kanboard:v1.2.20@sha256:1f953b23bf30dbea50a0db78a838c811859d83ab79fe259a93e8fdfe113392f6 (alpine 3.13.5) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.12.5-r0 | 2.12.6-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -455,14 +455,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:31.997Z INFO Detected OS: alpine -2021-12-04T19:39:31.997Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:32.004Z INFO Number of language-specific files: 0 +2021-12-04T19:39:31.997Z INFO Detected OS: alpine +2021-12-04T19:39:31.997Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:32.004Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -490,16 +490,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:39:32.887Z INFO Detected OS: debian -2021-12-04T19:39:32.888Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:39:32.957Z INFO Number of language-specific files: 2 -2021-12-04T19:39:32.957Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:39:32.957Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:32.887Z INFO Detected OS: debian +2021-12-04T19:39:32.888Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:39:32.957Z INFO Number of language-specific files: 2 +2021-12-04T19:39:32.957Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:39:32.957Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -694,16 +694,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/kms/security.md b/docs/apps/stable/kms/security.md index 6c81d00bb66..01021a4f957 100644 --- a/docs/apps/stable/kms/security.md +++ b/docs/apps/stable/kms/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:38:34.872Z INFO Detected config files: 1 +2021-12-04T19:38:34.872Z INFO Detected config files: 1 #### kms/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:38:36.884Z INFO Detected OS: alpine -2021-12-04T19:38:36.884Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:38:36.890Z INFO Number of language-specific files: 0 +2021-12-04T19:38:36.884Z INFO Detected OS: alpine +2021-12-04T19:38:36.884Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:38:36.890Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/kms:vminimal@sha256:808c060d4ad8cc05bf3bee5d959683f884845d3d625829bcb9e79d18a2c701fd** -2021-12-04T19:39:10.268Z INFO Detected OS: alpine -2021-12-04T19:39:10.268Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:10.270Z INFO Number of language-specific files: 1 -2021-12-04T19:39:10.270Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:39:10.268Z INFO Detected OS: alpine +2021-12-04T19:39:10.268Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:10.270Z INFO Number of language-specific files: 1 +2021-12-04T19:39:10.270Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/kms:vminimal@sha256:808c060d4ad8cc05bf3bee5d959683f884845d3d625829bcb9e79d18a2c701fd (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,9 +96,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/komga/security.md b/docs/apps/stable/komga/security.md index b7e5bf93038..cc9db4683f4 100644 --- a/docs/apps/stable/komga/security.md +++ b/docs/apps/stable/komga/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:39:10.687Z INFO Detected config files: 1 +2021-12-04T19:39:10.687Z INFO Detected config files: 1 #### komga/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:12.816Z INFO Detected OS: alpine -2021-12-04T19:39:12.816Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:12.821Z INFO Number of language-specific files: 0 +2021-12-04T19:39:12.816Z INFO Detected OS: alpine +2021-12-04T19:39:12.816Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:12.821Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/komga:v0.134.0@sha256:b38ff9fd6502fe1272adef4d8b0780e3164ed32a4ccac21ada0912a1cc4a16e1** -2021-12-04T19:39:26.642Z INFO Detected OS: ubuntu -2021-12-04T19:39:26.642Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:39:26.646Z INFO Number of language-specific files: 1 -2021-12-04T19:39:26.646Z INFO Detecting jar vulnerabilities... +2021-12-04T19:39:26.642Z INFO Detected OS: ubuntu +2021-12-04T19:39:26.642Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:39:26.646Z INFO Number of language-specific files: 1 +2021-12-04T19:39:26.646Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/komga:v0.134.0@sha256:b38ff9fd6502fe1272adef4d8b0780e3164ed32a4ccac21ada0912a1cc4a16e1 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.6.12ubuntu0.1 | 1.6.12ubuntu0.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -261,7 +261,7 @@ | tar | CVE-2019-9923 | LOW | 1.29b-2ubuntu0.1 | 1.29b-2ubuntu0.2 |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | org.apache.activemq:artemis-server | CVE-2020-13947 | MEDIUM | 2.17.0 | |
Click to expand!http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13947
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -275,4 +275,3 @@ | org.jsoup:jsoup | CVE-2021-37714 | HIGH | 1.13.1 | 1.14.2 |
Click to expand!https://github.com/advisories/GHSA-m72m-mhq2-9p6c
https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
https://jsoup.org/news/release-1.14.1
https://jsoup.org/news/release-1.14.2
https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa@%3Cnotifications.james.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-37714
| | org.springframework.data:spring-data-rest-core | CVE-2021-22047 | MEDIUM | 3.5.5 | 3.4.14, 3.5.6 |
Click to expand!https://nvd.nist.gov/vuln/detail/CVE-2021-22047
https://tanzu.vmware.com/security/cve-2021-22047
| | org.thymeleaf:thymeleaf-spring5 | CVE-2021-43466 | CRITICAL | 3.0.12.RELEASE | |
Click to expand!https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html
https://github.com/advisories/GHSA-qcj6-jqrg-4wp2
https://nvd.nist.gov/vuln/detail/CVE-2021-43466
| - diff --git a/docs/apps/stable/lazylibrarian/security.md b/docs/apps/stable/lazylibrarian/security.md index 8c2277a63b1..d0338f3c6b7 100644 --- a/docs/apps/stable/lazylibrarian/security.md +++ b/docs/apps/stable/lazylibrarian/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:39:50.026Z INFO Detected config files: 1 +2021-12-04T19:39:50.026Z INFO Detected config files: 1 #### lazylibrarian/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:39:50.808Z INFO Detected OS: alpine -2021-12-04T19:39:50.808Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:39:50.814Z INFO Number of language-specific files: 0 +2021-12-04T19:39:50.808Z INFO Detected OS: alpine +2021-12-04T19:39:50.808Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:39:50.814Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/lazylibrarian:latest@sha256:39be22df562748105a54b77ed8914e097cae98a1ccfde86f975c288588d1a71a** -2021-12-04T19:39:55.865Z INFO Detected OS: ubuntu -2021-12-04T19:39:55.866Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:39:55.881Z INFO Number of language-specific files: 1 -2021-12-04T19:39:55.881Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:39:55.865Z INFO Detected OS: ubuntu +2021-12-04T19:39:55.866Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:39:55.881Z INFO Number of language-specific files: 1 +2021-12-04T19:39:55.881Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/lazylibrarian:latest@sha256:39be22df562748105a54b77ed8914e097cae98a1ccfde86f975c288588d1a71a (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -226,9 +226,6 @@ | python3.6-minimal | CVE-2021-3426 | LOW | 3.6.9-1~18.04ubuntu1.4 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/leaf2mqtt/security.md b/docs/apps/stable/leaf2mqtt/security.md index 608a593964f..c1bc967addf 100644 --- a/docs/apps/stable/leaf2mqtt/security.md +++ b/docs/apps/stable/leaf2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:04.190Z INFO Detected config files: 1 +2021-12-04T19:40:04.190Z INFO Detected config files: 1 #### leaf2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:05.150Z INFO Detected OS: alpine -2021-12-04T19:40:05.150Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:05.158Z INFO Number of language-specific files: 0 +2021-12-04T19:40:05.150Z INFO Detected OS: alpine +2021-12-04T19:40:05.150Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:05.158Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/leaf2mqtt:v0.5@sha256:0073361400f5f077d4eece95d6e13a86b7744fc564bd1bed151e8afcc6bdf143** -2021-12-04T19:40:23.115Z INFO Detected OS: debian -2021-12-04T19:40:23.115Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:40:23.145Z INFO Number of language-specific files: 0 +2021-12-04T19:40:23.115Z INFO Detected OS: debian +2021-12-04T19:40:23.115Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:40:23.145Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/leaf2mqtt:v0.5@sha256:0073361400f5f077d4eece95d6e13a86b7744fc564bd1bed151e8afcc6bdf143 (debian 10.9) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -285,4 +285,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/docs/apps/stable/librespeed/security.md b/docs/apps/stable/librespeed/security.md index 50b3fd1d09b..95b25254ddb 100644 --- a/docs/apps/stable/librespeed/security.md +++ b/docs/apps/stable/librespeed/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:24.330Z INFO Detected config files: 1 +2021-12-04T19:40:24.330Z INFO Detected config files: 1 #### librespeed/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:25.682Z INFO Detected OS: alpine -2021-12-04T19:40:25.682Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:25.689Z INFO Number of language-specific files: 0 +2021-12-04T19:40:25.682Z INFO Detected OS: alpine +2021-12-04T19:40:25.682Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:25.689Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/librespeed:version-5.2.4@sha256:c441bc4d4d086a95966e93b4dea82674d1a258774f97084b02e87c0bc38deb2a** -2021-12-04T19:40:37.744Z INFO Number of language-specific files: 0 +2021-12-04T19:40:37.744Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/lidarr/security.md b/docs/apps/stable/lidarr/security.md index 7d1f84471c2..4fabf7b4f4b 100644 --- a/docs/apps/stable/lidarr/security.md +++ b/docs/apps/stable/lidarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:23.709Z INFO Detected config files: 1 +2021-12-04T19:40:23.709Z INFO Detected config files: 1 #### lidarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:25.110Z INFO Detected OS: alpine -2021-12-04T19:40:25.110Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:25.123Z INFO Number of language-specific files: 0 +2021-12-04T19:40:25.110Z INFO Detected OS: alpine +2021-12-04T19:40:25.110Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:25.123Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/lidarr:v1.0.0.2255@sha256:73262a0dcd0b594cc77a8f232e11aad4e54bbeee0f2ab33c7cda3b83ab298b40** -2021-12-04T19:40:35.749Z INFO Detected OS: ubuntu -2021-12-04T19:40:35.750Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:40:35.752Z INFO Number of language-specific files: 1 -2021-12-04T19:40:35.752Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:40:35.749Z INFO Detected OS: ubuntu +2021-12-04T19:40:35.750Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:40:35.752Z INFO Number of language-specific files: 1 +2021-12-04T19:40:35.752Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/lidarr:v1.0.0.2255@sha256:73262a0dcd0b594cc77a8f232e11aad4e54bbeee0f2ab33c7cda3b83ab298b40 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -395,8 +395,7 @@ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/littlelink/security.md b/docs/apps/stable/littlelink/security.md index cc402017dd8..48365dca9dd 100644 --- a/docs/apps/stable/littlelink/security.md +++ b/docs/apps/stable/littlelink/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:40:38.362Z INFO Detected config files: 1 +2021-12-04T19:40:38.362Z INFO Detected config files: 1 #### littlelink/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:40:39.237Z INFO Detected OS: alpine -2021-12-04T19:40:39.237Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:39.240Z INFO Number of language-specific files: 0 +2021-12-04T19:40:39.237Z INFO Detected OS: alpine +2021-12-04T19:40:39.237Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:39.240Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,24 +61,23 @@ **Container: tccr.io/truecharts/littlelink-server:latest@sha256:29d95d1d215342d2e627a082b0049116c627781517b3626a8afd9af97f26b605** -2021-12-04T19:40:45.157Z INFO Detected OS: alpine -2021-12-04T19:40:45.157Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:40:45.158Z INFO Number of language-specific files: 1 -2021-12-04T19:40:45.158Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:40:45.157Z INFO Detected OS: alpine +2021-12-04T19:40:45.157Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:40:45.158Z INFO Number of language-specific files: 1 +2021-12-04T19:40:45.158Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/littlelink-server:latest@sha256:29d95d1d215342d2e627a082b0049116c627781517b3626a8afd9af97f26b605 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| - diff --git a/docs/apps/stable/logitech-media-server/security.md b/docs/apps/stable/logitech-media-server/security.md index 5a968307a88..19175cf241c 100644 --- a/docs/apps/stable/logitech-media-server/security.md +++ b/docs/apps/stable/logitech-media-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:05.970Z INFO Detected config files: 1 +2021-12-04T19:41:05.970Z INFO Detected config files: 1 #### logitech-media-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:06.757Z INFO Detected OS: alpine -2021-12-04T19:41:06.757Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:06.761Z INFO Number of language-specific files: 0 +2021-12-04T19:41:06.757Z INFO Detected OS: alpine +2021-12-04T19:41:06.757Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:06.761Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/logitechmediaserver:v8.3.0@sha256:9a3d016f99856b8a1ce846a70b1c17dbf8c730030850e48a1b2c632952510dc4** -2021-12-04T19:41:11.023Z INFO Detected OS: debian -2021-12-04T19:41:11.023Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:11.061Z INFO Number of language-specific files: 0 +2021-12-04T19:41:11.023Z INFO Detected OS: debian +2021-12-04T19:41:11.023Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:11.061Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/logitechmediaserver:v8.3.0@sha256:9a3d016f99856b8a1ce846a70b1c17dbf8c730030850e48a1b2c632952510dc4 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -160,4 +160,3 @@ | perl-modules-5.32 | CVE-2011-4116 | LOW | 5.32.1-4+deb11u2 | |
Click to expand!http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238
| | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| | wget | CVE-2021-31879 | MEDIUM | 1.21-1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| - diff --git a/docs/apps/stable/loki/security.md b/docs/apps/stable/loki/security.md index 15ce6f21470..b05e525acc8 100644 --- a/docs/apps/stable/loki/security.md +++ b/docs/apps/stable/loki/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:41:40.630Z INFO Detected config files: 2 +2021-12-04T19:41:40.630Z INFO Detected config files: 2 #### loki/charts/promtail/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:41.885Z INFO Detected OS: alpine -2021-12-04T19:41:41.885Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:41.892Z INFO Number of language-specific files: 0 +2021-12-04T19:41:41.885Z INFO Detected OS: alpine +2021-12-04T19:41:41.885Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:41.892Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/loki:v2.4.1@sha256:79c6f31e246f6edac4efa651f1e246273bd1370bb140d1fa4f3fe143c2251aff** -2021-12-04T19:41:45.496Z INFO Detected OS: alpine -2021-12-04T19:41:45.497Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:45.497Z INFO Number of language-specific files: 1 -2021-12-04T19:41:45.497Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:41:45.496Z INFO Detected OS: alpine +2021-12-04T19:41:45.497Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:45.497Z INFO Number of language-specific files: 1 +2021-12-04T19:41:45.497Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/loki:v2.4.1@sha256:79c6f31e246f6edac4efa651f1e246273bd1370bb140d1fa4f3fe143c2251aff (alpine 3.13.6) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -105,21 +105,21 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:52.703Z INFO Detected OS: alpine -2021-12-04T19:41:52.703Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:52.717Z INFO Number of language-specific files: 0 +2021-12-04T19:41:52.703Z INFO Detected OS: alpine +2021-12-04T19:41:52.703Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:52.717Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -147,15 +147,15 @@ **Container: tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4** -2021-12-04T19:41:58.361Z INFO Detected OS: debian -2021-12-04T19:41:58.361Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:58.373Z INFO Number of language-specific files: 1 -2021-12-04T19:41:58.373Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:41:58.361Z INFO Detected OS: debian +2021-12-04T19:41:58.361Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:58.373Z INFO Number of language-specific files: 1 +2021-12-04T19:41:58.373Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -225,9 +225,8 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.5.4 | v1.4.11, v1.5.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
https://ubuntu.com/security/notices/USN-5100-1
https://www.debian.org/security/2021/dsa-5002
| | github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 |
Click to expand!https://access.redhat.com/errata/RHBA-2019:0327
https://advisory.checkmarx.net/advisory/CX-2019-4297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3826
https://github.com/prometheus/prometheus/commit/62e591f9
https://github.com/prometheus/prometheus/pull/5163
https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3826
| - diff --git a/docs/apps/stable/lychee/security.md b/docs/apps/stable/lychee/security.md index 1eecb0353be..89033d060d5 100644 --- a/docs/apps/stable/lychee/security.md +++ b/docs/apps/stable/lychee/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:25.342Z INFO Detected config files: 1 +2021-12-04T19:41:25.342Z INFO Detected config files: 1 #### lychee/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:26.619Z INFO Detected OS: alpine -2021-12-04T19:41:26.619Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:26.626Z INFO Number of language-specific files: 0 +2021-12-04T19:41:26.619Z INFO Detected OS: alpine +2021-12-04T19:41:26.619Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:26.626Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/lychee-laravel:v4.3.6@sha256:4bed7b11de627f40477b8865869cd757610969dcecbafaa1a1aac4ea1e8ae1bf** -2021-12-04T19:41:39.790Z INFO Detected OS: debian -2021-12-04T19:41:39.790Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:39.889Z INFO Number of language-specific files: 1 -2021-12-04T19:41:39.889Z INFO Detecting composer vulnerabilities... +2021-12-04T19:41:39.790Z INFO Detected OS: debian +2021-12-04T19:41:39.790Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:39.889Z INFO Number of language-specific files: 1 +2021-12-04T19:41:39.889Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/lychee-laravel:v4.3.6@sha256:4bed7b11de627f40477b8865869cd757610969dcecbafaa1a1aac4ea1e8ae1bf (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -342,8 +342,7 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/http-kernel | CVE-2021-41267 | MEDIUM | v5.2.9 | 5.3.0, 5.3.12 |
Click to expand!https://github.com/advisories/GHSA-q3j3-w37x-hq2q
https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
https://github.com/symfony/symfony/pull/44243
https://github.com/symfony/symfony/releases/tag/v5.3.12
https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
https://nvd.nist.gov/vuln/detail/CVE-2021-41267
https://symfony.com/cve-2021-41267
| - diff --git a/docs/apps/stable/mealie/security.md b/docs/apps/stable/mealie/security.md index 01d46f74146..1f4f39dadc3 100644 --- a/docs/apps/stable/mealie/security.md +++ b/docs/apps/stable/mealie/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:41.205Z INFO Detected config files: 1 +2021-12-04T19:41:41.205Z INFO Detected config files: 1 #### mealie/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:42.520Z INFO Detected OS: alpine -2021-12-04T19:41:42.520Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:42.534Z INFO Number of language-specific files: 0 +2021-12-04T19:41:42.520Z INFO Detected OS: alpine +2021-12-04T19:41:42.520Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:42.534Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/mealie:v0.5.4@sha256:52a05feaf3cac813c0540e8c59b0f99900662558254c657e9d0335f0d9c8b4a9** -2021-12-04T19:41:51.738Z INFO Detected OS: debian -2021-12-04T19:41:51.738Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:41:51.755Z INFO Number of language-specific files: 2 -2021-12-04T19:41:51.755Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:41:51.755Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:41:51.738Z INFO Detected OS: debian +2021-12-04T19:41:51.738Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:41:51.755Z INFO Number of language-specific files: 2 +2021-12-04T19:41:51.755Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:41:51.755Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/mealie:v0.5.4@sha256:52a05feaf3cac813c0540e8c59b0f99900662558254c657e9d0335f0d9c8b4a9 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -159,7 +159,7 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apprise | CVE-2021-39229 | HIGH | 0.9.3 | 0.9.5.1 |
Click to expand!https://github.com/advisories/GHSA-qhmp-h54x-38qr
https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359
https://github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831
https://github.com/caronc/apprise/pull/436
https://github.com/caronc/apprise/releases/tag/v0.9.5.1
https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr
https://nvd.nist.gov/vuln/detail/CVE-2021-39229
| @@ -170,9 +170,6 @@ | websockets | CVE-2021-33880 | MEDIUM | 8.1 | 9.1 |
Click to expand!https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
https://github.com/advisories/GHSA-8ch4-58qp-g3mp
https://nvd.nist.gov/vuln/detail/CVE-2021-33880
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/medusa/security.md b/docs/apps/stable/medusa/security.md index ec1b3f91101..73816139d2a 100644 --- a/docs/apps/stable/medusa/security.md +++ b/docs/apps/stable/medusa/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:41:53.361Z INFO Detected config files: 1 +2021-12-04T19:41:53.361Z INFO Detected config files: 1 #### medusa/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:41:59.388Z INFO Detected OS: alpine -2021-12-04T19:41:59.388Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:41:59.398Z INFO Number of language-specific files: 0 +2021-12-04T19:41:59.388Z INFO Detected OS: alpine +2021-12-04T19:41:59.388Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:41:59.398Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/medusa:v0.5.20@sha256:5de16df497fc0800e47cbd5761c04966403d38445ba54f076f336e70437d3cd9** -2021-12-04T19:42:07.267Z INFO Number of language-specific files: 1 -2021-12-04T19:42:07.267Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:42:07.267Z INFO Number of language-specific files: 1 +2021-12-04T19:42:07.267Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/miniflux/security.md b/docs/apps/stable/miniflux/security.md index 999dd3becab..a34c1e50244 100644 --- a/docs/apps/stable/miniflux/security.md +++ b/docs/apps/stable/miniflux/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:42:28.048Z INFO Detected config files: 2 +2021-12-04T19:42:28.048Z INFO Detected config files: 2 #### miniflux/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:28.842Z INFO Detected OS: alpine -2021-12-04T19:42:28.842Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:28.855Z INFO Number of language-specific files: 0 +2021-12-04T19:42:28.842Z INFO Detected OS: alpine +2021-12-04T19:42:28.842Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:28.855Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:42:29.701Z INFO Detected OS: debian -2021-12-04T19:42:29.701Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:42:29.743Z INFO Number of language-specific files: 2 -2021-12-04T19:42:29.743Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:42:29.743Z INFO Detecting jar vulnerabilities... +2021-12-04T19:42:29.701Z INFO Detected OS: debian +2021-12-04T19:42:29.701Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:42:29.743Z INFO Number of language-specific files: 2 +2021-12-04T19:42:29.743Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:42:29.743Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/miniflux:v2.0.33@sha256:1fcc67ba8a5e9f06c6b67bc654b3276d51c304cb3a2ac4985114b6785c149cb2** -2021-12-04T19:42:31.561Z INFO Detected OS: alpine -2021-12-04T19:42:31.561Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:31.561Z INFO Number of language-specific files: 1 -2021-12-04T19:42:31.561Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:42:31.561Z INFO Detected OS: alpine +2021-12-04T19:42:31.561Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:31.561Z INFO Number of language-specific files: 1 +2021-12-04T19:42:31.561Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/miniflux:v2.0.33@sha256:1fcc67ba8a5e9f06c6b67bc654b3276d51c304cb3a2ac4985114b6785c149cb2 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -325,21 +325,21 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:32.314Z INFO Detected OS: alpine -2021-12-04T19:42:32.314Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:32.320Z INFO Number of language-specific files: 0 +2021-12-04T19:42:32.314Z INFO Detected OS: alpine +2021-12-04T19:42:32.314Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:32.320Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -367,16 +367,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:42:33.524Z INFO Detected OS: debian -2021-12-04T19:42:33.524Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:42:33.565Z INFO Number of language-specific files: 2 -2021-12-04T19:42:33.565Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:42:33.565Z INFO Detecting jar vulnerabilities... +2021-12-04T19:42:33.524Z INFO Detected OS: debian +2021-12-04T19:42:33.524Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:42:33.565Z INFO Number of language-specific files: 2 +2021-12-04T19:42:33.565Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:42:33.565Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -571,16 +571,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/minio-console/security.md b/docs/apps/stable/minio-console/security.md index dc1f68d9ea2..4c17237ffcd 100644 --- a/docs/apps/stable/minio-console/security.md +++ b/docs/apps/stable/minio-console/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:42:35.148Z INFO Detected config files: 1 +2021-12-04T19:42:35.148Z INFO Detected config files: 1 #### minio-console/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:36.143Z INFO Detected OS: alpine -2021-12-04T19:42:36.143Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:36.149Z INFO Number of language-specific files: 0 +2021-12-04T19:42:36.143Z INFO Detected OS: alpine +2021-12-04T19:42:36.143Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:36.149Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -60,5 +60,3 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **Container: tccr.io/truecharts/minio-console:v0.12.5@sha256:95b3c2b2e67b8f61f5d3e09c37875a37b9f4aeaa47f392c02dba191b041517d1** - - diff --git a/docs/apps/stable/minio/security.md b/docs/apps/stable/minio/security.md index 2e1bb7c658c..15094e7c2f2 100644 --- a/docs/apps/stable/minio/security.md +++ b/docs/apps/stable/minio/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:42:49.584Z INFO Detected config files: 1 +2021-12-04T19:42:49.584Z INFO Detected config files: 1 #### minio/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:51.014Z INFO Detected OS: alpine -2021-12-04T19:42:51.014Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:51.021Z INFO Number of language-specific files: 0 +2021-12-04T19:42:51.014Z INFO Detected OS: alpine +2021-12-04T19:42:51.014Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:51.021Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/minio:latest@sha256:8129f69c85b84e13f085a1ce127f108cee0ea84a1f496e8065796c7a15a08442** -2021-12-04T19:42:57.834Z INFO Detected OS: redhat -2021-12-04T19:42:57.834Z INFO Detecting RHEL/CentOS vulnerabilities... -2021-12-04T19:42:57.837Z INFO Number of language-specific files: 1 +2021-12-04T19:42:57.834Z INFO Detected OS: redhat +2021-12-04T19:42:57.834Z INFO Detecting RHEL/CentOS vulnerabilities... +2021-12-04T19:42:57.837Z INFO Number of language-specific files: 1 #### tccr.io/truecharts/minio:latest@sha256:8129f69c85b84e13f085a1ce127f108cee0ea84a1f496e8065796c7a15a08442 (redhat 8.4) - + **redhat** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bzip2-libs | CVE-2019-12900 | LOW | 1.0.6-26.el8 | |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
https://seclists.org/bugtraq/2019/Aug/4
https://seclists.org/bugtraq/2019/Jul/22
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-4038-1
https://ubuntu.com/security/notices/USN-4038-2
https://ubuntu.com/security/notices/USN-4038-3
https://ubuntu.com/security/notices/USN-4038-4
https://ubuntu.com/security/notices/USN-4146-1
https://ubuntu.com/security/notices/USN-4146-2
https://usn.ubuntu.com/4038-1/
https://usn.ubuntu.com/4038-2/
https://usn.ubuntu.com/4146-1/
https://usn.ubuntu.com/4146-2/
https://www.oracle.com/security-alerts/cpuoct2020.html
| @@ -173,4 +173,3 @@ | sqlite-libs | CVE-2019-9936 | LOW | 3.26.0-13.el8 | |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html
http://www.securityfocus.com/bid/107562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/
https://security.gentoo.org/glsa/201908-09
https://security.netapp.com/advisory/ntap-20190416-0005/
https://sqlite.org/src/info/b3fa58dd7403dbd4
https://ubuntu.com/security/notices/USN-4019-1
https://usn.ubuntu.com/4019-1/
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| | sqlite-libs | CVE-2019-9937 | LOW | 3.26.0-13.el8 | |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html
http://www.securityfocus.com/bid/107562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/
https://security.gentoo.org/glsa/201908-09
https://security.netapp.com/advisory/ntap-20190416-0005/
https://sqlite.org/src/info/45c73deb440496e8
https://ubuntu.com/security/notices/USN-4019-1
https://usn.ubuntu.com/4019-1/
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114383.html
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114393.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| | systemd-libs | CVE-2018-20839 | MEDIUM | 239-45.el8_4.3 | |
Click to expand!http://www.securityfocus.com/bid/108389
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
https://github.com/systemd/systemd/pull/12378
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.netapp.com/advisory/ntap-20190530-0002/
| - diff --git a/docs/apps/stable/mosquitto/security.md b/docs/apps/stable/mosquitto/security.md index 11da3aa2ba5..a9b3603ff6e 100644 --- a/docs/apps/stable/mosquitto/security.md +++ b/docs/apps/stable/mosquitto/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:42:58.623Z INFO Detected config files: 1 +2021-12-04T19:42:58.623Z INFO Detected config files: 1 #### mosquitto/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:42:59.848Z INFO Detected OS: alpine -2021-12-04T19:42:59.848Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:42:59.852Z INFO Number of language-specific files: 0 +2021-12-04T19:42:59.848Z INFO Detected OS: alpine +2021-12-04T19:42:59.848Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:42:59.852Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,13 @@ **Container: tccr.io/truecharts/eclipse-mosquitto:v2.0.14@sha256:047eb800158878c1bea9e6281e2dc3081b53b61ca10fdca5a17816c6fbe15216** -2021-12-04T19:43:01.308Z INFO Detected OS: alpine -2021-12-04T19:43:01.308Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:01.309Z INFO Number of language-specific files: 0 +2021-12-04T19:43:01.308Z INFO Detected OS: alpine +2021-12-04T19:43:01.308Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:01.309Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/eclipse-mosquitto:v2.0.14@sha256:047eb800158878c1bea9e6281e2dc3081b53b61ca10fdca5a17816c6fbe15216 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/mstream/security.md b/docs/apps/stable/mstream/security.md index c6102b79f70..66010431f95 100644 --- a/docs/apps/stable/mstream/security.md +++ b/docs/apps/stable/mstream/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:21.772Z INFO Detected config files: 1 +2021-12-04T19:43:21.772Z INFO Detected config files: 1 #### mstream/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:23.265Z INFO Detected OS: alpine -2021-12-04T19:43:23.265Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:23.272Z INFO Number of language-specific files: 0 +2021-12-04T19:43:23.265Z INFO Detected OS: alpine +2021-12-04T19:43:23.265Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:23.272Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/mstream:version-v5.2.5@sha256:1ac2f1c3177e09428cf5be1f33c7110863b69a748f691f8385dc96a313d84e7b** -2021-12-04T19:43:34.582Z INFO Number of language-specific files: 6 -2021-12-04T19:43:34.582Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:43:34.583Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:43:34.582Z INFO Number of language-specific files: 6 +2021-12-04T19:43:34.582Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:43:34.583Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -77,37 +77,34 @@ | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/muximux/security.md b/docs/apps/stable/muximux/security.md index d443fedd394..304c14406ff 100644 --- a/docs/apps/stable/muximux/security.md +++ b/docs/apps/stable/muximux/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:23.815Z INFO Detected config files: 1 +2021-12-04T19:43:23.815Z INFO Detected config files: 1 #### muximux/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:36.042Z INFO Detected OS: alpine -2021-12-04T19:43:36.042Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:36.048Z INFO Number of language-specific files: 0 +2021-12-04T19:43:36.042Z INFO Detected OS: alpine +2021-12-04T19:43:36.042Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:36.048Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/muximux:version-057352e8@sha256:5942aa00a99c51a0d0fc9afda2f875450515a27a312572c0fcc62471131184e9** -2021-12-04T19:43:37.391Z INFO Number of language-specific files: 0 +2021-12-04T19:43:37.391Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/mylar/security.md b/docs/apps/stable/mylar/security.md index 077592dc0ea..7b6fd07377c 100644 --- a/docs/apps/stable/mylar/security.md +++ b/docs/apps/stable/mylar/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:39.197Z INFO Detected config files: 1 +2021-12-04T19:43:39.197Z INFO Detected config files: 1 #### mylar/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:40.381Z INFO Detected OS: alpine -2021-12-04T19:43:40.381Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:40.388Z INFO Number of language-specific files: 0 +2021-12-04T19:43:40.381Z INFO Detected OS: alpine +2021-12-04T19:43:40.381Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:40.388Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/mylar3:version-v0.5.3@sha256:97892fdbd4aaa622ea5b77d1c9c467985545094a13f4acd1ab3f5d4b0bb094ea** -2021-12-04T19:43:46.626Z INFO Number of language-specific files: 1 -2021-12-04T19:43:46.626Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:43:46.626Z INFO Number of language-specific files: 1 +2021-12-04T19:43:46.626Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -96,4 +96,3 @@ | Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28675
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| | Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
https://github.com/python-pillow/Pillow/pull/5377
https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28678
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| | Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 |
Click to expand!https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
| - diff --git a/docs/apps/stable/navidrome/security.md b/docs/apps/stable/navidrome/security.md index 749c1341078..afd8f776020 100644 --- a/docs/apps/stable/navidrome/security.md +++ b/docs/apps/stable/navidrome/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:43:47.237Z INFO Detected config files: 1 +2021-12-04T19:43:47.237Z INFO Detected config files: 1 #### navidrome/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:43:48.670Z INFO Detected OS: alpine -2021-12-04T19:43:48.670Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:48.678Z INFO Number of language-specific files: 0 +2021-12-04T19:43:48.670Z INFO Detected OS: alpine +2021-12-04T19:43:48.670Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:48.678Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,24 +61,21 @@ **Container: tccr.io/truecharts/navidrome:v0.47.0@sha256:0ca8781ecf33f961d9e1157b8f0aa0ad8d69cde3dac99e8084bd34aa73094128** -2021-12-04T19:43:54.304Z INFO Detected OS: alpine -2021-12-04T19:43:54.304Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:43:54.312Z INFO Number of language-specific files: 1 -2021-12-04T19:43:54.312Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:43:54.304Z INFO Detected OS: alpine +2021-12-04T19:43:54.304Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:43:54.312Z INFO Number of language-specific files: 1 +2021-12-04T19:43:54.312Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/navidrome:v0.47.0@sha256:0ca8781ecf33f961d9e1157b8f0aa0ad8d69cde3dac99e8084bd34aa73094128 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/nextcloud/security.md b/docs/apps/stable/nextcloud/security.md index 4630541a79e..e24879021eb 100644 --- a/docs/apps/stable/nextcloud/security.md +++ b/docs/apps/stable/nextcloud/security.md @@ -4,30 +4,30 @@ ##### Scan Results -2021-12-04T19:44:40.066Z INFO Detected config files: 3 +2021-12-04T19:44:40.066Z INFO Detected config files: 3 #### nextcloud/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -46,14 +46,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:42.515Z INFO Detected OS: alpine -2021-12-04T19:44:42.515Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:42.526Z INFO Number of language-specific files: 0 +2021-12-04T19:44:42.515Z INFO Detected OS: alpine +2021-12-04T19:44:42.515Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:42.526Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -81,16 +81,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:44:46.503Z INFO Detected OS: debian -2021-12-04T19:44:46.503Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:44:46.539Z INFO Number of language-specific files: 2 -2021-12-04T19:44:46.540Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:44:46.540Z INFO Detecting jar vulnerabilities... +2021-12-04T19:44:46.503Z INFO Detected OS: debian +2021-12-04T19:44:46.503Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:44:46.539Z INFO Number of language-specific files: 2 +2021-12-04T19:44:46.540Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:44:46.540Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -285,30 +285,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** -2021-12-04T19:45:14.960Z INFO Detected OS: debian -2021-12-04T19:45:14.960Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:15.089Z INFO Number of language-specific files: 5 -2021-12-04T19:45:15.089Z INFO Detecting composer vulnerabilities... +2021-12-04T19:45:14.960Z INFO Detected OS: debian +2021-12-04T19:45:14.960Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:15.089Z INFO Number of language-specific files: 5 +2021-12-04T19:45:15.089Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -766,51 +766,51 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** -2021-12-04T19:45:16.403Z INFO Detected OS: debian -2021-12-04T19:45:16.403Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:16.590Z INFO Number of language-specific files: 5 -2021-12-04T19:45:16.590Z INFO Detecting composer vulnerabilities... +2021-12-04T19:45:16.403Z INFO Detected OS: debian +2021-12-04T19:45:16.403Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:16.590Z INFO Number of language-specific files: 5 +2021-12-04T19:45:16.590Z INFO Detecting composer vulnerabilities... #### tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | |
Click to expand!http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.iss.net/security_center/static/7494.php
http://www.securityfocus.com/bid/3521
| @@ -1268,50 +1268,50 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:17.969Z INFO Detected OS: alpine -2021-12-04T19:45:17.970Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:17.975Z INFO Number of language-specific files: 0 +2021-12-04T19:45:17.969Z INFO Detected OS: alpine +2021-12-04T19:45:17.970Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:17.975Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1339,15 +1339,15 @@ **Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** -2021-12-04T19:45:19.229Z INFO Detected OS: debian -2021-12-04T19:45:19.229Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:19.278Z INFO Number of language-specific files: 2 -2021-12-04T19:45:19.278Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:19.229Z INFO Detected OS: debian +2021-12-04T19:45:19.229Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:19.278Z INFO Number of language-specific files: 2 +2021-12-04T19:45:19.278Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1494,29 +1494,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:20.755Z INFO Detected OS: alpine -2021-12-04T19:45:20.755Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:20.765Z INFO Number of language-specific files: 0 +2021-12-04T19:45:20.755Z INFO Detected OS: alpine +2021-12-04T19:45:20.755Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:20.765Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1544,16 +1544,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:45:24.701Z INFO Detected OS: debian -2021-12-04T19:45:24.701Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:45:24.761Z INFO Number of language-specific files: 2 -2021-12-04T19:45:24.761Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:45:24.764Z INFO Detecting jar vulnerabilities... +2021-12-04T19:45:24.701Z INFO Detected OS: debian +2021-12-04T19:45:24.701Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:45:24.761Z INFO Number of language-specific files: 2 +2021-12-04T19:45:24.761Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:24.764Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1748,16 +1748,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/node-red/security.md b/docs/apps/stable/node-red/security.md index ca0185c11d9..a4084e2a39c 100644 --- a/docs/apps/stable/node-red/security.md +++ b/docs/apps/stable/node-red/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:44:24.039Z INFO Detected config files: 1 +2021-12-04T19:44:24.039Z INFO Detected config files: 1 #### node-red/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:24.889Z INFO Detected OS: alpine -2021-12-04T19:44:24.890Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:24.905Z INFO Number of language-specific files: 0 +2021-12-04T19:44:24.889Z INFO Detected OS: alpine +2021-12-04T19:44:24.890Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:24.905Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,25 +61,24 @@ **Container: tccr.io/truecharts/node-red:v2.1.4@sha256:ede5c67753313e35ea6e0317573a74c77212822c33444b4b00ab562d2bdce97e** -2021-12-04T19:44:38.052Z INFO Detected OS: alpine -2021-12-04T19:44:38.052Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:38.055Z INFO Number of language-specific files: 1 -2021-12-04T19:44:38.055Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:44:38.052Z INFO Detected OS: alpine +2021-12-04T19:44:38.052Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:38.055Z INFO Number of language-specific files: 1 +2021-12-04T19:44:38.055Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/node-red:v2.1.4@sha256:ede5c67753313e35ea6e0317573a74c77212822c33444b4b00ab562d2bdce97e (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| - diff --git a/docs/apps/stable/novnc/security.md b/docs/apps/stable/novnc/security.md index 07df1d41f3c..c85665beb34 100644 --- a/docs/apps/stable/novnc/security.md +++ b/docs/apps/stable/novnc/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:44:38.541Z INFO Detected config files: 1 +2021-12-04T19:44:38.541Z INFO Detected config files: 1 #### novnc/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:41.889Z INFO Detected OS: alpine -2021-12-04T19:44:41.889Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:41.892Z INFO Number of language-specific files: 0 +2021-12-04T19:44:41.889Z INFO Detected OS: alpine +2021-12-04T19:44:41.889Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:41.892Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/novnc:version-1.2.0@sha256:aac782a823a7c34efce17d635a706cf967c6690784f0da9bd8efd4bb0bb598c1** -2021-12-04T19:44:45.918Z INFO Number of language-specific files: 1 -2021-12-04T19:44:45.918Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:44:45.918Z INFO Number of language-specific files: 1 +2021-12-04T19:44:45.918Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/nullserv/security.md b/docs/apps/stable/nullserv/security.md index d20774f7ad7..7233f83582b 100644 --- a/docs/apps/stable/nullserv/security.md +++ b/docs/apps/stable/nullserv/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:44:38.997Z INFO Detected config files: 1 +2021-12-04T19:44:38.997Z INFO Detected config files: 1 #### nullserv/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:44:41.267Z INFO Detected OS: alpine -2021-12-04T19:44:41.267Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:44:41.273Z INFO Number of language-specific files: 0 +2021-12-04T19:44:41.267Z INFO Detected OS: alpine +2021-12-04T19:44:41.267Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:44:41.273Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/nullserv:v1.3.0@sha256:67aa9d50ba0c9547b4b0f7fc68c023a34b5e2b027f7bc9233120d5fbd6bcf3cd** -2021-12-04T19:44:48.390Z INFO Number of language-specific files: 0 +2021-12-04T19:44:48.390Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/nzbget/security.md b/docs/apps/stable/nzbget/security.md index bec1092277f..467321a8762 100644 --- a/docs/apps/stable/nzbget/security.md +++ b/docs/apps/stable/nzbget/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:45:18.567Z INFO Detected config files: 1 +2021-12-04T19:45:18.567Z INFO Detected config files: 1 #### nzbget/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:19.970Z INFO Detected OS: alpine -2021-12-04T19:45:19.971Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:19.979Z INFO Number of language-specific files: 0 +2021-12-04T19:45:19.970Z INFO Detected OS: alpine +2021-12-04T19:45:19.971Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:19.979Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/nzbget:v21.1@sha256:381d4e760ee2de5b2f3a83d1f2885b3bffe891f6b961db0df94986b03868333a** -2021-12-04T19:45:23.988Z INFO Detected OS: ubuntu -2021-12-04T19:45:23.988Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:45:24.000Z INFO Number of language-specific files: 2 -2021-12-04T19:45:24.000Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:45:24.000Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:45:23.988Z INFO Detected OS: ubuntu +2021-12-04T19:45:23.988Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:45:24.000Z INFO Number of language-specific files: 2 +2021-12-04T19:45:24.000Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:24.000Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/nzbget:v21.1@sha256:381d4e760ee2de5b2f3a83d1f2885b3bffe891f6b961db0df94986b03868333a (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,15 +150,14 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/nzbhydra/security.md b/docs/apps/stable/nzbhydra/security.md index cd4d3c1decf..f03ceb5f0de 100644 --- a/docs/apps/stable/nzbhydra/security.md +++ b/docs/apps/stable/nzbhydra/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:45:31.207Z INFO Detected config files: 1 +2021-12-04T19:45:31.207Z INFO Detected config files: 1 #### nzbhydra/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:32.082Z INFO Detected OS: alpine -2021-12-04T19:45:32.082Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:32.092Z INFO Number of language-specific files: 0 +2021-12-04T19:45:32.082Z INFO Detected OS: alpine +2021-12-04T19:45:32.082Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:32.092Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/nzbhydra2:v3.18.1@sha256:49f70e9135edc8afcc3343569f7d6dbc4b693012f502ed70783241b975990ef6** -2021-12-04T19:45:42.742Z INFO Detected OS: ubuntu -2021-12-04T19:45:42.742Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:45:42.746Z INFO Number of language-specific files: 1 -2021-12-04T19:45:42.746Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:45:42.742Z INFO Detected OS: ubuntu +2021-12-04T19:45:42.742Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:45:42.746Z INFO Number of language-specific files: 1 +2021-12-04T19:45:42.746Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/nzbhydra2:v3.18.1@sha256:49f70e9135edc8afcc3343569f7d6dbc4b693012f502ed70783241b975990ef6 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -159,8 +159,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/octoprint/security.md b/docs/apps/stable/octoprint/security.md index e2ee9b3e49e..c43f5179f1d 100644 --- a/docs/apps/stable/octoprint/security.md +++ b/docs/apps/stable/octoprint/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:45:43.427Z INFO Detected config files: 1 +2021-12-04T19:45:43.427Z INFO Detected config files: 1 #### octoprint/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:45:44.310Z INFO Detected OS: alpine -2021-12-04T19:45:44.310Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:45:44.317Z INFO Number of language-specific files: 0 +2021-12-04T19:45:44.310Z INFO Detected OS: alpine +2021-12-04T19:45:44.310Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:45:44.317Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/octoprint:v1.7.2@sha256:80d677488365ad240b0cef90fa381ba849dcd82dfc62b11689d88da9867956c6** -2021-12-04T19:46:11.144Z INFO Detected OS: debian -2021-12-04T19:46:11.144Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:11.377Z INFO Number of language-specific files: 2 -2021-12-04T19:46:11.379Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:46:11.382Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:46:11.144Z INFO Detected OS: debian +2021-12-04T19:46:11.144Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:11.377Z INFO Number of language-specific files: 2 +2021-12-04T19:46:11.379Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:46:11.382Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/octoprint:v1.7.2@sha256:80d677488365ad240b0cef90fa381ba849dcd82dfc62b11689d88da9867956c6 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1477,15 +1477,14 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Werkzeug | pyup.io-42050 | UNKNOWN | 1.0.1 | 2.0.2 |
Click to expand!
| - diff --git a/docs/apps/stable/odoo/security.md b/docs/apps/stable/odoo/security.md index da57d5ee192..55c82744b5f 100644 --- a/docs/apps/stable/odoo/security.md +++ b/docs/apps/stable/odoo/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:46:19.308Z INFO Detected config files: 2 +2021-12-04T19:46:19.308Z INFO Detected config files: 2 #### odoo/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:24.427Z INFO Detected OS: alpine -2021-12-04T19:46:24.427Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:24.438Z INFO Number of language-specific files: 0 +2021-12-04T19:46:24.427Z INFO Detected OS: alpine +2021-12-04T19:46:24.427Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:24.438Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:46:26.755Z INFO Detected OS: debian -2021-12-04T19:46:26.755Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:26.782Z INFO Number of language-specific files: 2 -2021-12-04T19:46:26.782Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:46:26.782Z INFO Detecting jar vulnerabilities... +2021-12-04T19:46:26.755Z INFO Detected OS: debian +2021-12-04T19:46:26.755Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:26.782Z INFO Number of language-specific files: 2 +2021-12-04T19:46:26.782Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:46:26.782Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/odoo:version-14.0@sha256:dec23986ced979e029a78512272e2be18bab60d811bccb3d7ddc4b3241b210e2** -2021-12-04T19:46:54.798Z INFO Detected OS: debian -2021-12-04T19:46:54.798Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:54.842Z INFO Number of language-specific files: 1 -2021-12-04T19:46:54.843Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:46:54.798Z INFO Detected OS: debian +2021-12-04T19:46:54.798Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:54.842Z INFO Number of language-specific files: 1 +2021-12-04T19:46:54.843Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/odoo:version-14.0@sha256:dec23986ced979e029a78512272e2be18bab60d811bccb3d7ddc4b3241b210e2 (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -686,22 +686,22 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.1-1.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:56.073Z INFO Detected OS: alpine -2021-12-04T19:46:56.073Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:56.078Z INFO Number of language-specific files: 0 +2021-12-04T19:46:56.073Z INFO Detected OS: alpine +2021-12-04T19:46:56.073Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:56.078Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -729,16 +729,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:46:57.394Z INFO Detected OS: debian -2021-12-04T19:46:57.394Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:46:57.421Z INFO Number of language-specific files: 2 -2021-12-04T19:46:57.421Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:46:57.421Z INFO Detecting jar vulnerabilities... +2021-12-04T19:46:57.394Z INFO Detected OS: debian +2021-12-04T19:46:57.394Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:46:57.421Z INFO Number of language-specific files: 2 +2021-12-04T19:46:57.421Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:46:57.421Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -933,16 +933,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/ombi/security.md b/docs/apps/stable/ombi/security.md index 4ee99a3ac67..22a7092ca2a 100644 --- a/docs/apps/stable/ombi/security.md +++ b/docs/apps/stable/ombi/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:46:20.029Z INFO Detected config files: 1 +2021-12-04T19:46:20.029Z INFO Detected config files: 1 #### ombi/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:25.004Z INFO Detected OS: alpine -2021-12-04T19:46:25.004Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:25.012Z INFO Number of language-specific files: 0 +2021-12-04T19:46:25.004Z INFO Detected OS: alpine +2021-12-04T19:46:25.004Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:25.012Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/ombi:v4.0.1482@sha256:0fa4e81029d9adef9d773ce99db13ff3039fd087d58d7266cbcfd7462e7afc56** -2021-12-04T19:46:33.364Z INFO Detected OS: ubuntu -2021-12-04T19:46:33.364Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:46:33.367Z INFO Number of language-specific files: 1 -2021-12-04T19:46:33.367Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:46:33.364Z INFO Detected OS: ubuntu +2021-12-04T19:46:33.364Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:46:33.367Z INFO Number of language-specific files: 1 +2021-12-04T19:46:33.367Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/ombi:v4.0.1482@sha256:0fa4e81029d9adef9d773ce99db13ff3039fd087d58d7266cbcfd7462e7afc56 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -157,8 +157,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/onlyoffice-document-server/security.md b/docs/apps/stable/onlyoffice-document-server/security.md index d0fd89484ba..590130214d0 100644 --- a/docs/apps/stable/onlyoffice-document-server/security.md +++ b/docs/apps/stable/onlyoffice-document-server/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:46:27.249Z INFO Detected config files: 1 +2021-12-04T19:46:27.249Z INFO Detected config files: 1 #### onlyoffice-document-server/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:56.675Z INFO Detected OS: alpine -2021-12-04T19:46:56.675Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:56.679Z INFO Number of language-specific files: 0 +2021-12-04T19:46:56.675Z INFO Detected OS: alpine +2021-12-04T19:46:56.675Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:56.679Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/documentserver:v6.4.2.6@sha256:c298cbb59a2d7f73a5a9bc5cc11f9e0e299ef2ab966e64f3e8d8382921a6341c** -2021-12-04T19:47:36.848Z INFO Detected OS: ubuntu -2021-12-04T19:47:36.848Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:47:36.860Z INFO Number of language-specific files: 0 +2021-12-04T19:47:36.848Z INFO Detected OS: ubuntu +2021-12-04T19:47:36.848Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:47:36.860Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/documentserver:v6.4.2.6@sha256:c298cbb59a2d7f73a5a9bc5cc11f9e0e299ef2ab966e64f3e8d8382921a6341c (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -440,4 +440,3 @@ | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-2ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| - diff --git a/docs/apps/stable/openkm/security.md b/docs/apps/stable/openkm/security.md index eb80875ab12..1a4ef288953 100644 --- a/docs/apps/stable/openkm/security.md +++ b/docs/apps/stable/openkm/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:46:55.490Z INFO Detected config files: 2 +2021-12-04T19:46:55.490Z INFO Detected config files: 2 #### openkm/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -37,14 +37,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:46:58.372Z INFO Detected OS: alpine -2021-12-04T19:46:58.372Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:46:58.383Z INFO Number of language-specific files: 0 +2021-12-04T19:46:58.372Z INFO Detected OS: alpine +2021-12-04T19:46:58.372Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:46:58.383Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -72,16 +72,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:47:39.208Z INFO Detected OS: debian -2021-12-04T19:47:39.208Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:47:39.238Z INFO Number of language-specific files: 2 -2021-12-04T19:47:39.238Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:47:39.238Z INFO Detecting jar vulnerabilities... +2021-12-04T19:47:39.208Z INFO Detected OS: debian +2021-12-04T19:47:39.208Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:47:39.238Z INFO Number of language-specific files: 2 +2021-12-04T19:47:39.238Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:47:39.238Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -276,33 +276,33 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: 'tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c'** **Container: tccr.io/truecharts/openkm-ce:v6.3.11@sha256:941156f70c16350fb92d66f60007ac68abaee11265448eaacc40e821a46afc4d** -2021-12-04T19:48:32.457Z INFO Detected OS: ubuntu -2021-12-04T19:48:32.457Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:48:32.479Z INFO Number of language-specific files: 1 -2021-12-04T19:48:32.479Z INFO Detecting jar vulnerabilities... +2021-12-04T19:48:32.457Z INFO Detected OS: ubuntu +2021-12-04T19:48:32.457Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:48:32.479Z INFO Number of language-specific files: 1 +2021-12-04T19:48:32.479Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/openkm-ce:v6.3.11@sha256:941156f70c16350fb92d66f60007ac68abaee11265448eaacc40e821a46afc4d (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -726,7 +726,7 @@ | xdg-user-dirs | CVE-2017-15131 | LOW | 0.17-1ubuntu1 | |
Click to expand!http://bugs.freedesktop.org/show_bug.cgi?id=102303
https://access.redhat.com/errata/RHSA-2018:0842
https://bugzilla.redhat.com/show_bug.cgi?id=1412762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15131
https://linux.oracle.com/cve/CVE-2017-15131.html
https://linux.oracle.com/errata/ELSA-2018-0842.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ch.qos.logback:logback-classic | CVE-2017-5929 | CRITICAL | 1.1.3 | 1.2.0 |
Click to expand!http://www.cvedetails.com/cve/CVE-2017-5929/
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2018:2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
https://logback.qos.ch/news.html
https://nvd.nist.gov/vuln/detail/CVE-2017-5929
| @@ -870,14 +870,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:34.780Z INFO Detected OS: alpine -2021-12-04T19:48:34.780Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:34.783Z INFO Number of language-specific files: 0 +2021-12-04T19:48:34.780Z INFO Detected OS: alpine +2021-12-04T19:48:34.780Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:34.783Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -905,16 +905,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:48:38.094Z INFO Detected OS: debian -2021-12-04T19:48:38.094Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:48:38.112Z INFO Number of language-specific files: 2 -2021-12-04T19:48:38.112Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:48:38.112Z INFO Detecting jar vulnerabilities... +2021-12-04T19:48:38.094Z INFO Detected OS: debian +2021-12-04T19:48:38.094Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:48:38.112Z INFO Number of language-specific files: 2 +2021-12-04T19:48:38.112Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:48:38.112Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1109,16 +1109,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/openldap/security.md b/docs/apps/stable/openldap/security.md index 9755ee7f319..f001ddc7f17 100644 --- a/docs/apps/stable/openldap/security.md +++ b/docs/apps/stable/openldap/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:47:37.294Z INFO Detected config files: 1 +2021-12-04T19:47:37.294Z INFO Detected config files: 1 #### openldap/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:47:38.590Z INFO Detected OS: alpine -2021-12-04T19:47:38.590Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:47:38.601Z INFO Number of language-specific files: 0 +2021-12-04T19:47:38.590Z INFO Detected OS: alpine +2021-12-04T19:47:38.590Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:47:38.601Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/openldap:v1.5.0@sha256:d7e4f9279595ea1772efac4063876b29a96ff54c214f2c3ba52d2c3bfca8928c** -2021-12-04T19:47:44.128Z INFO Detected OS: debian -2021-12-04T19:47:44.128Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:47:44.171Z INFO Number of language-specific files: 2 -2021-12-04T19:47:44.171Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:47:44.128Z INFO Detected OS: debian +2021-12-04T19:47:44.128Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:47:44.171Z INFO Number of language-specific files: 2 +2021-12-04T19:47:44.171Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/openldap:v1.5.0@sha256:d7e4f9279595ea1772efac4063876b29a96ff54c214f2c3ba52d2c3bfca8928c (debian 10.8) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -434,14 +434,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20201012173705-84dcc777aaee | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20201012173705-84dcc777aaee | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/docs/apps/stable/organizr/security.md b/docs/apps/stable/organizr/security.md index 133b0145e2f..87bc7f1b9a4 100644 --- a/docs/apps/stable/organizr/security.md +++ b/docs/apps/stable/organizr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:47:37.746Z INFO Detected config files: 1 +2021-12-04T19:47:37.746Z INFO Detected config files: 1 #### organizr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:47:47.295Z INFO Detected OS: alpine -2021-12-04T19:47:47.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:47:47.302Z INFO Number of language-specific files: 0 +2021-12-04T19:47:47.295Z INFO Detected OS: alpine +2021-12-04T19:47:47.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:47:47.302Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/organizr:latest@sha256:ca1794e822f705b63c5753d56c7eecfd23e1ae77ddffb5a66b13c2ec7f587ad3** -2021-12-04T19:47:51.140Z INFO Detected OS: alpine -2021-12-04T19:47:51.140Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:47:51.157Z INFO Number of language-specific files: 0 +2021-12-04T19:47:51.140Z INFO Detected OS: alpine +2021-12-04T19:47:51.140Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:47:51.157Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/organizr:latest@sha256:ca1794e822f705b63c5753d56c7eecfd23e1ae77ddffb5a66b13c2ec7f587ad3 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -114,4 +114,3 @@ | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| - diff --git a/docs/apps/stable/oscam/security.md b/docs/apps/stable/oscam/security.md index 7677d728a0e..1df8e0b28b0 100644 --- a/docs/apps/stable/oscam/security.md +++ b/docs/apps/stable/oscam/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:48:33.326Z INFO Detected config files: 1 +2021-12-04T19:48:33.326Z INFO Detected config files: 1 #### oscam/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:43.241Z INFO Detected OS: alpine -2021-12-04T19:48:43.241Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:43.251Z INFO Number of language-specific files: 0 +2021-12-04T19:48:43.241Z INFO Detected OS: alpine +2021-12-04T19:48:43.241Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:43.251Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/oscam:version-11693@sha256:dcaa24c5076e020243aa0bcf2b5e2edbd1fcf6f9066c50e3f5c2f32937c68cb9** -2021-12-04T19:49:00.993Z INFO Number of language-specific files: 0 +2021-12-04T19:49:00.993Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/overseerr/security.md b/docs/apps/stable/overseerr/security.md index e3831eae476..0ecc00df157 100644 --- a/docs/apps/stable/overseerr/security.md +++ b/docs/apps/stable/overseerr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:48:35.093Z INFO Detected config files: 1 +2021-12-04T19:48:35.093Z INFO Detected config files: 1 #### overseerr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:36.515Z INFO Detected OS: alpine -2021-12-04T19:48:36.516Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:36.519Z INFO Number of language-specific files: 0 +2021-12-04T19:48:36.515Z INFO Detected OS: alpine +2021-12-04T19:48:36.516Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:36.519Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/overseerr:v1.27.0@sha256:cf3d0ae6c0df50e397a567e49d2ba891c2dc46cb1145f11acf0a12b82a3bfcd9** -2021-12-04T19:48:58.965Z INFO Detected OS: alpine -2021-12-04T19:48:58.965Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:58.966Z INFO Number of language-specific files: 1 -2021-12-04T19:48:58.966Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T19:48:58.990Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 -2021-12-04T19:48:58.990Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:48:58.965Z INFO Detected OS: alpine +2021-12-04T19:48:58.965Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:58.966Z INFO Number of language-specific files: 1 +2021-12-04T19:48:58.966Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:48:58.990Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 +2021-12-04T19:48:58.990Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/overseerr:v1.27.0@sha256:cf3d0ae6c0df50e397a567e49d2ba891c2dc46cb1145f11acf0a12b82a3bfcd9 (alpine 3.11.12) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,7 +96,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -118,4 +118,3 @@ | tar | CVE-2021-37701 | HIGH | 6.1.0 | 6.1.7, 5.0.8, 4.4.16 |
Click to expand!https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 6.1.0 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 6.1.0 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/stable/owncast/security.md b/docs/apps/stable/owncast/security.md index 8a9ace4fa1c..e2d27558a45 100644 --- a/docs/apps/stable/owncast/security.md +++ b/docs/apps/stable/owncast/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:48:33.033Z INFO Detected config files: 1 +2021-12-04T19:48:33.033Z INFO Detected config files: 1 #### owncast/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:48:35.660Z INFO Detected OS: alpine -2021-12-04T19:48:35.660Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:35.666Z INFO Number of language-specific files: 0 +2021-12-04T19:48:35.660Z INFO Detected OS: alpine +2021-12-04T19:48:35.660Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:35.666Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/owncast:v0.0.10@sha256:59e455798cacf118a74184755b060f48bcc05dc56bb9d4f696bcc77f411f1ad0** -2021-12-04T19:48:41.846Z INFO Detected OS: alpine -2021-12-04T19:48:41.846Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:48:41.849Z INFO Number of language-specific files: 1 -2021-12-04T19:48:41.849Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:48:41.846Z INFO Detected OS: alpine +2021-12-04T19:48:41.846Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:48:41.849Z INFO Number of language-specific files: 1 +2021-12-04T19:48:41.849Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/owncast:v0.0.10@sha256:59e455798cacf118a74184755b060f48bcc05dc56bb9d4f696bcc77f411f1ad0 (alpine 3.12.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -117,9 +117,6 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r16 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/owncloud-ocis/security.md b/docs/apps/stable/owncloud-ocis/security.md index 814276e668d..8b45e287d68 100644 --- a/docs/apps/stable/owncloud-ocis/security.md +++ b/docs/apps/stable/owncloud-ocis/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:49:22.457Z INFO Detected config files: 1 +2021-12-04T19:49:22.457Z INFO Detected config files: 1 #### owncloud-ocis/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:23.264Z INFO Detected OS: alpine -2021-12-04T19:49:23.264Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:23.275Z INFO Number of language-specific files: 0 +2021-12-04T19:49:23.264Z INFO Detected OS: alpine +2021-12-04T19:49:23.264Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:23.275Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,24 +61,23 @@ **Container: tccr.io/truecharts/ocis:v1.15.0@sha256:513bf715f330afcd06918be63f47b8ad7bf80515d3ed2b29afdb7da00ed66eb4** -2021-12-04T19:49:26.300Z INFO Detected OS: alpine -2021-12-04T19:49:26.300Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:26.300Z INFO Number of language-specific files: 1 -2021-12-04T19:49:26.301Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:49:26.300Z INFO Detected OS: alpine +2021-12-04T19:49:26.300Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:26.300Z INFO Number of language-specific files: 1 +2021-12-04T19:49:26.301Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/ocis:v1.15.0@sha256:513bf715f330afcd06918be63f47b8ad7bf80515d3ed2b29afdb7da00ed66eb4 (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/dgrijalva/jwt-go | CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
Click to expand!https://github.com/dgrijalva/jwt-go/pull/426
https://nvd.nist.gov/vuln/detail/CVE-2020-26160
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| - diff --git a/docs/apps/stable/pgadmin/security.md b/docs/apps/stable/pgadmin/security.md index a655638ccfa..b42525e23f4 100644 --- a/docs/apps/stable/pgadmin/security.md +++ b/docs/apps/stable/pgadmin/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:49:26.951Z INFO Detected config files: 1 +2021-12-04T19:49:26.951Z INFO Detected config files: 1 #### pgadmin/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:27.762Z INFO Detected OS: alpine -2021-12-04T19:49:27.762Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:27.781Z INFO Number of language-specific files: 0 +2021-12-04T19:49:27.762Z INFO Detected OS: alpine +2021-12-04T19:49:27.762Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:27.781Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,25 +61,24 @@ **Container: tccr.io/truecharts/pgadmin4:v6.2@sha256:56a1cc09742301c5cca10f75f9766a85f7b8c9a256ee88cdf04ad1038db2f2cd** -2021-12-04T19:49:35.161Z INFO Detected OS: alpine -2021-12-04T19:49:35.161Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:35.162Z INFO Number of language-specific files: 1 -2021-12-04T19:49:35.162Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:49:35.161Z INFO Detected OS: alpine +2021-12-04T19:49:35.161Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:35.162Z INFO Number of language-specific files: 1 +2021-12-04T19:49:35.162Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/pgadmin4:v6.2@sha256:56a1cc09742301c5cca10f75f9766a85f7b8c9a256ee88cdf04ad1038db2f2cd (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Flask-Security-Too | CVE-2021-32618 | MEDIUM | 4.1.2 | |
Click to expand!https://github.com/Flask-Middleware/flask-security/issues/486
https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-6qmf-fj6m-686c
https://github.com/advisories/GHSA-6qmf-fj6m-686c
https://nvd.nist.gov/vuln/detail/CVE-2021-32618
| | WTForms | pyup.io-42852 | UNKNOWN | 2.3.3 | 3.0.0a1 |
Click to expand!
| | Werkzeug | pyup.io-42050 | UNKNOWN | 1.0.1 | 2.0.2 |
Click to expand!
| - diff --git a/docs/apps/stable/photoprism/security.md b/docs/apps/stable/photoprism/security.md index c4456535361..00d20a13a83 100644 --- a/docs/apps/stable/photoprism/security.md +++ b/docs/apps/stable/photoprism/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:49:56.482Z INFO Detected config files: 2 +2021-12-04T19:49:56.482Z INFO Detected config files: 2 #### photoprism/charts/mariadb/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -35,14 +35,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:57.995Z INFO Detected OS: alpine -2021-12-04T19:49:57.995Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:58.003Z INFO Number of language-specific files: 0 +2021-12-04T19:49:57.995Z INFO Detected OS: alpine +2021-12-04T19:49:57.995Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:58.003Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -70,15 +70,15 @@ **Container: tccr.io/truecharts/photoprism:v20211130@sha256:97fa3752e28cd26282f06b87f299c63f5b8413b84de09acd8b71375a2b77540f** -2021-12-04T19:50:32.255Z INFO Detected OS: ubuntu -2021-12-04T19:50:32.255Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:50:32.258Z INFO Number of language-specific files: 2 -2021-12-04T19:50:32.258Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:50:32.255Z INFO Detected OS: ubuntu +2021-12-04T19:50:32.255Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:50:32.258Z INFO Number of language-specific files: 2 +2021-12-04T19:50:32.258Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/photoprism:v20211130@sha256:97fa3752e28cd26282f06b87f299c63f5b8413b84de09acd8b71375a2b77540f (ubuntu 21.10) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | coreutils | CVE-2016-2781 | LOW | 8.32-4ubuntu2 | |
Click to expand!http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
| @@ -251,28 +251,28 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+22ubuntu2 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:33.452Z INFO Detected OS: alpine -2021-12-04T19:50:33.452Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:33.456Z INFO Number of language-specific files: 0 +2021-12-04T19:50:33.452Z INFO Detected OS: alpine +2021-12-04T19:50:33.452Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:33.456Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -300,15 +300,15 @@ **Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** -2021-12-04T19:51:01.039Z INFO Detected OS: debian -2021-12-04T19:51:01.039Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:51:01.074Z INFO Number of language-specific files: 2 -2021-12-04T19:51:01.074Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:51:01.039Z INFO Detected OS: debian +2021-12-04T19:51:01.039Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:51:01.074Z INFO Number of language-specific files: 2 +2021-12-04T19:51:01.074Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -457,16 +457,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/photoshow/security.md b/docs/apps/stable/photoshow/security.md index cc95e05c6e1..76b81a1df5c 100644 --- a/docs/apps/stable/photoshow/security.md +++ b/docs/apps/stable/photoshow/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:49:49.158Z INFO Detected config files: 1 +2021-12-04T19:49:49.158Z INFO Detected config files: 1 #### photoshow/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:49:49.954Z INFO Detected OS: alpine -2021-12-04T19:49:49.954Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:49:49.961Z INFO Number of language-specific files: 0 +2021-12-04T19:49:49.954Z INFO Detected OS: alpine +2021-12-04T19:49:49.954Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:49:49.961Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/photoshow:version-48aabb98@sha256:03c034b9ffc3db42e8255c502665ddb352f0219404494bceba8e7c1263f53dfc** -2021-12-04T19:49:55.464Z INFO Number of language-specific files: 0 +2021-12-04T19:49:55.464Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/phpldapadmin/security.md b/docs/apps/stable/phpldapadmin/security.md index 9311b1dfe5b..8beb7957f3c 100644 --- a/docs/apps/stable/phpldapadmin/security.md +++ b/docs/apps/stable/phpldapadmin/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:50:33.848Z INFO Detected config files: 1 +2021-12-04T19:50:33.848Z INFO Detected config files: 1 #### phpldapadmin/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:47.244Z INFO Detected OS: alpine -2021-12-04T19:50:47.244Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:47.251Z INFO Number of language-specific files: 0 +2021-12-04T19:50:47.244Z INFO Detected OS: alpine +2021-12-04T19:50:47.244Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:47.251Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/phpldapadmin:v0.9.0@sha256:5e68d251665b187cc920985f74f57f8ba2ce44cb8d7efaaa100cc19493974807** -2021-12-04T19:50:59.904Z INFO Detected OS: debian -2021-12-04T19:50:59.904Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:50:59.958Z INFO Number of language-specific files: 0 +2021-12-04T19:50:59.904Z INFO Detected OS: debian +2021-12-04T19:50:59.904Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:50:59.958Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/phpldapadmin:v0.9.0@sha256:5e68d251665b187cc920985f74f57f8ba2ce44cb8d7efaaa100cc19493974807 (debian 10.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2 | CVE-2020-11984 | CRITICAL | 2.4.38-3+deb10u3 | 2.4.38-3+deb10u4 |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html
http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html
http://www.openwall.com/lists/oss-security/2020/08/08/1
http://www.openwall.com/lists/oss-security/2020/08/08/10
http://www.openwall.com/lists/oss-security/2020/08/08/8
http://www.openwall.com/lists/oss-security/2020/08/08/9
http://www.openwall.com/lists/oss-security/2020/08/10/5
http://www.openwall.com/lists/oss-security/2020/08/17/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984
https://linux.oracle.com/cve/CVE-2020-11984.html
https://linux.oracle.com/errata/ELSA-2021-1809.html
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9@%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
https://security.gentoo.org/glsa/202008-04
https://security.netapp.com/advisory/ntap-20200814-0005/
https://ubuntu.com/security/notices/USN-4458-1
https://ubuntu.com/security/notices/USN-5054-1
https://usn.ubuntu.com/4458-1/
https://www.debian.org/security/2020/dsa-4757
https://www.openwall.com/lists/oss-security/2020/08/07/1
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| @@ -816,4 +816,3 @@ | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |
Click to expand!http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1
| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| - diff --git a/docs/apps/stable/piaware/security.md b/docs/apps/stable/piaware/security.md index 6df9d72df11..aaffe96d436 100644 --- a/docs/apps/stable/piaware/security.md +++ b/docs/apps/stable/piaware/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:50:32.785Z INFO Detected config files: 1 +2021-12-04T19:50:32.785Z INFO Detected config files: 1 #### piaware/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:35.144Z INFO Detected OS: alpine -2021-12-04T19:50:35.144Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:35.149Z INFO Number of language-specific files: 0 +2021-12-04T19:50:35.144Z INFO Detected OS: alpine +2021-12-04T19:50:35.144Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:35.149Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/piaware:v6.1@sha256:89938418a62cd3b4bed5e556fb64443f9e0cb9f14bbf41777c09b04f2f1e4f8a** -2021-12-04T19:50:42.077Z INFO Detected OS: debian -2021-12-04T19:50:42.077Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:50:42.098Z INFO Number of language-specific files: 1 -2021-12-04T19:50:42.098Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:50:42.077Z INFO Detected OS: debian +2021-12-04T19:50:42.077Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:50:42.098Z INFO Number of language-specific files: 1 +2021-12-04T19:50:42.098Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/piaware:v6.1@sha256:89938418a62cd3b4bed5e556fb64443f9e0cb9f14bbf41777c09b04f2f1e4f8a (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -240,9 +240,6 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/pihole/security.md b/docs/apps/stable/pihole/security.md index ae95b2fbe18..36e2bd5fcf2 100644 --- a/docs/apps/stable/pihole/security.md +++ b/docs/apps/stable/pihole/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:50:35.610Z INFO Detected config files: 1 +2021-12-04T19:50:35.610Z INFO Detected config files: 1 #### pihole/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:50:43.031Z INFO Detected OS: alpine -2021-12-04T19:50:43.031Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:50:43.039Z INFO Number of language-specific files: 0 +2021-12-04T19:50:43.031Z INFO Detected OS: alpine +2021-12-04T19:50:43.031Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:50:43.039Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/pihole:v2021.10.1@sha256:406a7368955ed3248a924bcb9c578d8554793048e025deb59f03caf6fd3f17c4** -2021-12-04T19:50:52.356Z INFO Detected OS: debian -2021-12-04T19:50:52.356Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:50:52.423Z INFO Number of language-specific files: 2 -2021-12-04T19:50:52.424Z INFO Detecting composer vulnerabilities... -2021-12-04T19:50:52.424Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:50:52.356Z INFO Detected OS: debian +2021-12-04T19:50:52.356Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:50:52.423Z INFO Number of language-specific files: 2 +2021-12-04T19:50:52.424Z INFO Detecting composer vulnerabilities... +2021-12-04T19:50:52.424Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/pihole:v2021.10.1@sha256:406a7368955ed3248a924bcb9c578d8554793048e025deb59f03caf6fd3f17c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -310,16 +310,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/pixapop/security.md b/docs/apps/stable/pixapop/security.md index 244619a0717..83825173a9e 100644 --- a/docs/apps/stable/pixapop/security.md +++ b/docs/apps/stable/pixapop/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:16.882Z INFO Detected config files: 1 +2021-12-04T19:51:16.882Z INFO Detected config files: 1 #### pixapop/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:18.169Z INFO Detected OS: alpine -2021-12-04T19:51:18.169Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:18.172Z INFO Number of language-specific files: 0 +2021-12-04T19:51:18.169Z INFO Detected OS: alpine +2021-12-04T19:51:18.169Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:18.172Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/pixapop:v1.2-ls15@sha256:6a05383524fcd51b0b692d508dd16ed6948337aa272677e01baa6d8ba119c070** -2021-12-04T19:51:32.200Z INFO Number of language-specific files: 2 -2021-12-04T19:51:32.200Z INFO Detecting composer vulnerabilities... -2021-12-04T19:51:32.211Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:51:32.200Z INFO Number of language-specific files: 2 +2021-12-04T19:51:32.200Z INFO Detecting composer vulnerabilities... +2021-12-04T19:51:32.211Z INFO Detecting node-pkg vulnerabilities... #### Node.js - + **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | acorn | GHSA-6chw-6frg-f759 | HIGH | 6.1.1 | 5.7.4, 7.1.1, 6.4.1 |
Click to expand!https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
https://github.com/acornjs/acorn/issues/929
https://github.com/advisories/GHSA-6chw-6frg-f759
https://snyk.io/vuln/SNYK-JS-ACORN-559469
https://www.npmjs.com/advisories/1488
| @@ -126,7 +126,7 @@ | yargs-parser | CVE-2020-7608 | MEDIUM | 7.0.0 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 |
Click to expand!https://github.com/advisories/GHSA-p9pc-299p-vxgp
https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
https://linux.oracle.com/cve/CVE-2020-7608.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7608
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
https://www.npmjs.com/advisories/1500
| **composer** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/cache | CVE-2019-18889 | CRITICAL | v4.2.3 | 3.4.35, 4.1.0, 4.2.0, 4.2.12, 4.3.8, 3.2.0, 3.3.0, 3.4.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml
https://github.com/advisories/GHSA-79gr-58r3-pwm3
https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://nvd.nist.gov/vuln/detail/CVE-2019-18889
https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18889
| @@ -138,4 +138,3 @@ | symfony/http-kernel | CVE-2019-18887 | HIGH | v4.2.4 | 2.8.0, 3.4.35, 4.3.8, 2.7.0, 2.6.0, 3.1.0, 4.1.0, 4.2.0, 4.2.12, 2.5.0, 3.2.0, 3.3.0, 3.4.0, 2.4.0, 2.8.52, 2.3.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18887
| | symfony/var-exporter | CVE-2019-11325 | CRITICAL | v4.2.3 | 4.2.12, 4.3.8 |
Click to expand!https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml
https://github.com/advisories/GHSA-w4rc-rx25-8m86
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3
https://nvd.nist.gov/vuln/detail/CVE-2019-11325
https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-11325
| | twig/twig | CVE-2019-9942 | LOW | v2.6.2 | 1.38.0, 2.7.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9942
https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
https://seclists.org/bugtraq/2019/Mar/60
https://symfony.com/blog/twig-sandbox-information-disclosure
https://www.debian.org/security/2019/dsa-4419
| - diff --git a/docs/apps/stable/plex/security.md b/docs/apps/stable/plex/security.md index 212ba810d8b..b34a5a968db 100644 --- a/docs/apps/stable/plex/security.md +++ b/docs/apps/stable/plex/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:39.489Z INFO Detected config files: 1 +2021-12-04T19:51:39.489Z INFO Detected config files: 1 #### plex/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:40.295Z INFO Detected OS: alpine -2021-12-04T19:51:40.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:40.304Z INFO Number of language-specific files: 0 +2021-12-04T19:51:40.295Z INFO Detected OS: alpine +2021-12-04T19:51:40.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:40.304Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/plex:v1.24.5.5173-8dcc73a59@sha256:48eeac73915041bd70aba28814e8b8f453dbf9948410c578e25d234089286437** -2021-12-04T19:51:54.555Z INFO Detected OS: ubuntu -2021-12-04T19:51:54.555Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:51:54.557Z INFO Number of language-specific files: 1 -2021-12-04T19:51:54.557Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:51:54.555Z INFO Detected OS: ubuntu +2021-12-04T19:51:54.555Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:51:54.557Z INFO Number of language-specific files: 1 +2021-12-04T19:51:54.557Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/plex:v1.24.5.5173-8dcc73a59@sha256:48eeac73915041bd70aba28814e8b8f453dbf9948410c578e25d234089286437 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -153,8 +153,7 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/podgrab/security.md b/docs/apps/stable/podgrab/security.md index 3dfe243c1bf..d20d4de1b31 100644 --- a/docs/apps/stable/podgrab/security.md +++ b/docs/apps/stable/podgrab/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:55.158Z INFO Detected config files: 1 +2021-12-04T19:51:55.158Z INFO Detected config files: 1 #### podgrab/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:56.895Z INFO Detected OS: alpine -2021-12-04T19:51:56.895Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:56.901Z INFO Number of language-specific files: 0 +2021-12-04T19:51:56.895Z INFO Detected OS: alpine +2021-12-04T19:51:56.895Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:56.901Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,27 +61,26 @@ **Container: tccr.io/truecharts/podgrab:v1.0.0@sha256:069fb1ef81d47a37137da2cfd249423c8dc330086c2a2e1271c5895f9f8cae9f** -2021-12-04T19:52:00.409Z INFO Detected OS: alpine -2021-12-04T19:52:00.409Z WARN This OS version is not on the EOL list: alpine 3.15 -2021-12-04T19:52:00.409Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:00.410Z INFO Number of language-specific files: 1 -2021-12-04T19:52:00.410Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:52:00.411Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 -2021-12-04T19:52:00.411Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:52:00.409Z INFO Detected OS: alpine +2021-12-04T19:52:00.409Z WARN This OS version is not on the EOL list: alpine 3.15 +2021-12-04T19:52:00.409Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:00.410Z INFO Number of language-specific files: 1 +2021-12-04T19:52:00.410Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:52:00.411Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 +2021-12-04T19:52:00.411Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/podgrab:v1.0.0@sha256:069fb1ef81d47a37137da2cfd249423c8dc330086c2a2e1271c5895f9f8cae9f (alpine 3.15.0) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/satori/go.uuid | GO-2020-0018 | UNKNOWN | v1.2.0 | v1.2.1-0.20181016170032-d91630c85102 |
Click to expand!
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200820211705-5c72a883971a | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/docs/apps/stable/pretend-youre-xyzzy/security.md b/docs/apps/stable/pretend-youre-xyzzy/security.md index f59811ce4b8..986046c1306 100644 --- a/docs/apps/stable/pretend-youre-xyzzy/security.md +++ b/docs/apps/stable/pretend-youre-xyzzy/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:51:55.621Z INFO Detected config files: 1 +2021-12-04T19:51:55.621Z INFO Detected config files: 1 #### pretend-youre-xyzzy/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:51:57.630Z INFO Detected OS: alpine -2021-12-04T19:51:57.630Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:51:57.637Z INFO Number of language-specific files: 0 +2021-12-04T19:51:57.630Z INFO Detected OS: alpine +2021-12-04T19:51:57.630Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:51:57.637Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/pretend-youre-xyzzy:v4@sha256:d2b339819975c546a5360e160c793a615e86ab04e5aed91427ff1dd850205ace** -2021-12-04T19:52:11.214Z INFO Detected OS: alpine -2021-12-04T19:52:11.214Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:11.217Z INFO Number of language-specific files: 1 -2021-12-04T19:52:11.217Z INFO Detecting jar vulnerabilities... -2021-12-04T19:52:11.219Z WARN This OS version is no longer supported by the distribution: alpine 3.4.0 -2021-12-04T19:52:11.219Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T19:52:11.214Z INFO Detected OS: alpine +2021-12-04T19:52:11.214Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:11.217Z INFO Number of language-specific files: 1 +2021-12-04T19:52:11.217Z INFO Detecting jar vulnerabilities... +2021-12-04T19:52:11.219Z WARN This OS version is no longer supported by the distribution: alpine 3.4.0 +2021-12-04T19:52:11.219Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/pretend-youre-xyzzy:v4@sha256:d2b339819975c546a5360e160c793a615e86ab04e5aed91427ff1dd850205ace (alpine 3.4.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | libcrypto1.0 | CVE-2018-0732 | HIGH | 1.0.2n-r0 | 1.0.2o-r1 |
Click to expand!http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104442
http://www.securitytracker.com/id/1041090
https://access.redhat.com/errata/RHSA-2018:2552
https://access.redhat.com/errata/RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1543
https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://linux.oracle.com/cve/CVE-2018-0732.html
https://linux.oracle.com/errata/ELSA-2018-4249.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.gentoo.org/glsa/201811-03
https://security.netapp.com/advisory/ntap-20181105-0001/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://ubuntu.com/security/notices/USN-3692-1
https://ubuntu.com/security/notices/USN-3692-2
https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.openssl.org/news/secadv/20180612.txt
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-17
| @@ -88,7 +88,7 @@ | libssl1.0 | CVE-2018-5407 | MEDIUM | 1.0.2n-r0 | 1.0.2q-r0 |
Click to expand!http://www.securityfocus.com/bid/105897
https://access.redhat.com/errata/RHSA-2019:0483
https://access.redhat.com/errata/RHSA-2019:0651
https://access.redhat.com/errata/RHSA-2019:0652
https://access.redhat.com/errata/RHSA-2019:2125
https://access.redhat.com/errata/RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3931
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
https://eprint.iacr.org/2018/1060.pdf
https://github.com/bbbrumley/portsmash
https://linux.oracle.com/cve/CVE-2018-5407.html
https://linux.oracle.com/errata/ELSA-2019-2125.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.gentoo.org/glsa/201903-10
https://security.netapp.com/advisory/ntap-20181126-0001/
https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-3840-1
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.exploit-db.com/exploits/45785/
https://www.openssl.org/news/secadv/20181112.txt
https://www.openwall.com/lists/oss-security/2018/11/01/4
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2018-10237 | MEDIUM | 20.0 | 24.1.1-jre, 24.1.1-android |
Click to expand!http://www.securitytracker.com/id/1041707
https://access.redhat.com/errata/RHSA-2018:2423
https://access.redhat.com/errata/RHSA-2018:2424
https://access.redhat.com/errata/RHSA-2018:2425
https://access.redhat.com/errata/RHSA-2018:2428
https://access.redhat.com/errata/RHSA-2018:2598
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://github.com/advisories/GHSA-mvr2-9pj6-7w5j
https://github.com/google/guava/wiki/CVE-2018-10237
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084@%3Cgitbox.activemq.apache.org%3E
https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94@%3Cissues.storm.apache.org%3E
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2@%3Cdev.cxf.apache.org%3E
https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45@%3Cissues.flink.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-10237
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -97,4 +97,3 @@ | commons-io:commons-io | CVE-2021-29425 | MEDIUM | 2.6 | 2.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
https://github.com/advisories/GHSA-gwrp-pvrq-jmwv
https://issues.apache.org/jira/browse/IO-556
https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa@%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31@%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a@%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330@%3Cdev.commons.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2021-29425
https://ubuntu.com/security/notices/USN-5095-1
https://www.openwall.com/lists/oss-security/2021/04/12/1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.apache.httpcomponents:httpclient | CVE-2020-13956 | MEDIUM | 4.5.5 | 4.5.13 |
Click to expand!https://github.com/advisories/GHSA-7r82-7xv7-xcpj
https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E
https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E
https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13956
https://www.openwall.com/lists/oss-security/2020/10/08/4
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.jsoup:jsoup | CVE-2021-37714 | HIGH | 1.11.2 | 1.14.2 |
Click to expand!https://github.com/advisories/GHSA-m72m-mhq2-9p6c
https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
https://jsoup.org/news/release-1.14.1
https://jsoup.org/news/release-1.14.2
https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe@%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa@%3Cnotifications.james.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-37714
| - diff --git a/docs/apps/stable/promcord/security.md b/docs/apps/stable/promcord/security.md index 95165f1156a..23e23f43906 100644 --- a/docs/apps/stable/promcord/security.md +++ b/docs/apps/stable/promcord/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:52:12.453Z INFO Detected config files: 1 +2021-12-04T19:52:12.453Z INFO Detected config files: 1 #### promcord/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:52:13.353Z INFO Detected OS: alpine -2021-12-04T19:52:13.353Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:13.360Z INFO Number of language-specific files: 0 +2021-12-04T19:52:13.353Z INFO Detected OS: alpine +2021-12-04T19:52:13.353Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:13.360Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/promcord:latest@sha256:ba9bee8d89b3ce86ca55d1bd29e13deb31f73a004991b17d8d80c73f2cc1c03c** -2021-12-04T19:52:27.089Z INFO Detected OS: debian -2021-12-04T19:52:27.089Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:52:27.123Z INFO Number of language-specific files: 1 -2021-12-04T19:52:27.123Z INFO Detecting jar vulnerabilities... +2021-12-04T19:52:27.089Z INFO Detected OS: debian +2021-12-04T19:52:27.089Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:52:27.123Z INFO Number of language-specific files: 1 +2021-12-04T19:52:27.123Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/promcord:latest@sha256:ba9bee8d89b3ce86ca55d1bd29e13deb31f73a004991b17d8d80c73f2cc1c03c (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -137,8 +137,7 @@ | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Click to expand!http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-25649 | HIGH | 2.10.1 | 2.6.7.4, 2.9.10.7, 2.10.5.1 |
Click to expand!https://bugzilla.redhat.com/show_bug.cgi?id=1887664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
https://github.com/FasterXML/jackson-databind/issues/2589
https://github.com/advisories/GHSA-288c-cq4h-88gq
https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/
https://nvd.nist.gov/vuln/detail/CVE-2020-25649
https://security.netapp.com/advisory/ntap-20210108-0007/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/stable/protonmail-bridge/security.md b/docs/apps/stable/protonmail-bridge/security.md index 30a6ec54afc..d04efe49963 100644 --- a/docs/apps/stable/protonmail-bridge/security.md +++ b/docs/apps/stable/protonmail-bridge/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:52:39.475Z INFO Detected config files: 1 +2021-12-04T19:52:39.475Z INFO Detected config files: 1 #### protonmail-bridge/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:52:40.282Z INFO Detected OS: alpine -2021-12-04T19:52:40.282Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:40.289Z INFO Number of language-specific files: 0 +2021-12-04T19:52:40.282Z INFO Detected OS: alpine +2021-12-04T19:52:40.282Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:40.289Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/protonmail-bridge:v1.8.10-1@sha256:58a54002123cc9a83cfb3170deb0a1dbf4cedabdced09a9c6bcafc19ee4b5631** -2021-12-04T19:52:50.299Z INFO Detected OS: ubuntu -2021-12-04T19:52:50.299Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:52:50.309Z INFO Number of language-specific files: 0 +2021-12-04T19:52:50.299Z INFO Detected OS: ubuntu +2021-12-04T19:52:50.299Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:52:50.309Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/protonmail-bridge:v1.8.10-1@sha256:58a54002123cc9a83cfb3170deb0a1dbf4cedabdced09a9c6bcafc19ee4b5631 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -164,4 +164,3 @@ | passwd | CVE-2013-4235 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/docs/apps/stable/prowlarr/security.md b/docs/apps/stable/prowlarr/security.md index 2c6de50696f..ccfedee3c35 100644 --- a/docs/apps/stable/prowlarr/security.md +++ b/docs/apps/stable/prowlarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:52:51.030Z INFO Detected config files: 1 +2021-12-04T19:52:51.030Z INFO Detected config files: 1 #### prowlarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:52:51.717Z INFO Detected OS: alpine -2021-12-04T19:52:51.717Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:52:51.727Z INFO Number of language-specific files: 0 +2021-12-04T19:52:51.717Z INFO Detected OS: alpine +2021-12-04T19:52:51.717Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:52:51.727Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/prowlarr:v0.1.6.1184@sha256:44938a94880e98d0636612cbb3a92b0dc0688c060f7415265c44372e272f4deb** -2021-12-04T19:53:00.578Z INFO Detected OS: ubuntu -2021-12-04T19:53:00.578Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:53:00.580Z INFO Number of language-specific files: 1 -2021-12-04T19:53:00.580Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:53:00.578Z INFO Detected OS: ubuntu +2021-12-04T19:53:00.578Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:53:00.580Z INFO Number of language-specific files: 1 +2021-12-04T19:53:00.580Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/prowlarr:v0.1.6.1184@sha256:44938a94880e98d0636612cbb3a92b0dc0688c060f7415265c44372e272f4deb (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,8 +150,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/pyload/security.md b/docs/apps/stable/pyload/security.md index 4e0c5f734dd..51795e3e5d2 100644 --- a/docs/apps/stable/pyload/security.md +++ b/docs/apps/stable/pyload/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:01.277Z INFO Detected config files: 1 +2021-12-04T19:53:01.277Z INFO Detected config files: 1 #### pyload/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:02.112Z INFO Detected OS: alpine -2021-12-04T19:53:02.112Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:02.117Z INFO Number of language-specific files: 0 +2021-12-04T19:53:02.112Z INFO Detected OS: alpine +2021-12-04T19:53:02.112Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:02.117Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,13 +61,13 @@ **Container: tccr.io/truecharts/pyload:version-5de90278@sha256:c33489498cb4541bbf936b1ebd1eaebfb0cae279f738aa0e6184969089e94081** -2021-12-04T19:53:13.623Z INFO Number of language-specific files: 1 -2021-12-04T19:53:13.623Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:53:13.623Z INFO Number of language-specific files: 1 +2021-12-04T19:53:13.623Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
| @@ -98,4 +98,3 @@ | Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 |
Click to expand!https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
| | pycrypto | CVE-2013-7459 | CRITICAL | 2.6.1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2016/12/27/8
http://www.securityfocus.com/bid/95122
https://bugzilla.redhat.com/show_bug.cgi?id=1409754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459
https://github.com/advisories/GHSA-cq27-v7xp-c356
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
https://github.com/dlitz/pycrypto/issues/176
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/
https://nvd.nist.gov/vuln/detail/CVE-2013-7459
https://pony7.fr/ctf:public:32c3:cryptmsg
https://security.gentoo.org/glsa/201702-14
https://ubuntu.com/security/notices/USN-3199-1
https://ubuntu.com/security/notices/USN-3199-2
https://ubuntu.com/security/notices/USN-3199-3
| | pycrypto | CVE-2018-6594 | HIGH | 2.6.1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
https://github.com/Legrandin/pycryptodome/issues/90
https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://github.com/advisories/GHSA-6528-wvf6-f6qg
https://github.com/dlitz/pycrypto/issues/253
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2018-6594
https://security.gentoo.org/glsa/202007-62
https://ubuntu.com/security/notices/USN-3616-1
https://ubuntu.com/security/notices/USN-3616-2
https://usn.ubuntu.com/3616-1/
https://usn.ubuntu.com/3616-2/
| - diff --git a/docs/apps/stable/qbittorrent/security.md b/docs/apps/stable/qbittorrent/security.md index fce32d16feb..36edb139675 100644 --- a/docs/apps/stable/qbittorrent/security.md +++ b/docs/apps/stable/qbittorrent/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:14.440Z INFO Detected config files: 1 +2021-12-04T19:53:14.440Z INFO Detected config files: 1 #### qbittorrent/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:15.325Z INFO Detected OS: alpine -2021-12-04T19:53:15.325Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:15.330Z INFO Number of language-specific files: 0 +2021-12-04T19:53:15.325Z INFO Detected OS: alpine +2021-12-04T19:53:15.325Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:15.330Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/qbittorrent:v4.3.9@sha256:6508ca6bd05d003d92852d5bd8deaae3176d776a5789ad68199ba1807d43cf8c** -2021-12-04T19:53:19.253Z INFO Detected OS: ubuntu -2021-12-04T19:53:19.253Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:53:19.263Z INFO Number of language-specific files: 1 -2021-12-04T19:53:19.263Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:53:19.253Z INFO Detected OS: ubuntu +2021-12-04T19:53:19.253Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:53:19.263Z INFO Number of language-specific files: 1 +2021-12-04T19:53:19.263Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/qbittorrent:v4.3.9@sha256:6508ca6bd05d003d92852d5bd8deaae3176d776a5789ad68199ba1807d43cf8c (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -164,8 +164,7 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/radarr/security.md b/docs/apps/stable/radarr/security.md index 59856c3446c..0549b92d84f 100644 --- a/docs/apps/stable/radarr/security.md +++ b/docs/apps/stable/radarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:35.250Z INFO Detected config files: 1 +2021-12-04T19:53:35.250Z INFO Detected config files: 1 #### radarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:36.742Z INFO Detected OS: alpine -2021-12-04T19:53:36.742Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:36.748Z INFO Number of language-specific files: 0 +2021-12-04T19:53:36.742Z INFO Detected OS: alpine +2021-12-04T19:53:36.742Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:36.748Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/radarr:v3.2.2.5080@sha256:6013953bf2b8c6546fed1b2265f5978b30403fa26b990aab7a5ed6e86088866e** -2021-12-04T19:53:42.459Z INFO Detected OS: ubuntu -2021-12-04T19:53:42.459Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:53:42.461Z INFO Number of language-specific files: 1 -2021-12-04T19:53:42.461Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:53:42.459Z INFO Detected OS: ubuntu +2021-12-04T19:53:42.459Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:53:42.461Z INFO Number of language-specific files: 1 +2021-12-04T19:53:42.461Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/radarr:v3.2.2.5080@sha256:6013953bf2b8c6546fed1b2265f5978b30403fa26b990aab7a5ed6e86088866e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -154,8 +154,7 @@ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/readarr/security.md b/docs/apps/stable/readarr/security.md index 0657e7081b4..f86cfe5d71a 100644 --- a/docs/apps/stable/readarr/security.md +++ b/docs/apps/stable/readarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:53:46.659Z INFO Detected config files: 1 +2021-12-04T19:53:46.659Z INFO Detected config files: 1 #### readarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:53:49.441Z INFO Detected OS: alpine -2021-12-04T19:53:49.441Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:53:49.448Z INFO Number of language-specific files: 0 +2021-12-04T19:53:49.441Z INFO Detected OS: alpine +2021-12-04T19:53:49.441Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:53:49.448Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/readarr:v0.1.0.1081@sha256:0750f1d772a4e9915f0241bff4e7aee030d53186ec83a0bad4630b3bf6926880** -2021-12-04T19:54:00.112Z INFO Detected OS: ubuntu -2021-12-04T19:54:00.112Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:00.131Z INFO Number of language-specific files: 1 -2021-12-04T19:54:00.131Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:00.112Z INFO Detected OS: ubuntu +2021-12-04T19:54:00.112Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:00.131Z INFO Number of language-specific files: 1 +2021-12-04T19:54:00.131Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/readarr:v0.1.0.1081@sha256:0750f1d772a4e9915f0241bff4e7aee030d53186ec83a0bad4630b3bf6926880 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -150,8 +150,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/recipes/security.md b/docs/apps/stable/recipes/security.md index 1f63080cf91..b5ce651bafc 100644 --- a/docs/apps/stable/recipes/security.md +++ b/docs/apps/stable/recipes/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:54:11.231Z INFO Detected config files: 2 +2021-12-04T19:54:11.231Z INFO Detected config files: 2 #### recipes/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -37,14 +37,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:12.167Z INFO Detected OS: alpine -2021-12-04T19:54:12.168Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:12.172Z INFO Number of language-specific files: 0 +2021-12-04T19:54:12.167Z INFO Detected OS: alpine +2021-12-04T19:54:12.168Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:12.172Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -72,16 +72,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:54:13.238Z INFO Detected OS: debian -2021-12-04T19:54:13.238Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:54:13.279Z INFO Number of language-specific files: 2 -2021-12-04T19:54:13.279Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:54:13.279Z INFO Detecting jar vulnerabilities... +2021-12-04T19:54:13.238Z INFO Detected OS: debian +2021-12-04T19:54:13.238Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:54:13.279Z INFO Number of language-specific files: 2 +2021-12-04T19:54:13.279Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:13.279Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -276,31 +276,31 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/recipes:v1.0.2@sha256:d61f230769c64948f1b2c56ec189666bb08821b02f383f4e0c299c35d2542cbc** -2021-12-04T19:54:42.983Z INFO Detected OS: alpine -2021-12-04T19:54:42.983Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:42.985Z INFO Number of language-specific files: 2 -2021-12-04T19:54:42.985Z INFO Detecting python-pkg vulnerabilities... -2021-12-04T19:54:42.998Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:54:42.983Z INFO Detected OS: alpine +2021-12-04T19:54:42.983Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:42.985Z INFO Number of language-specific files: 2 +2021-12-04T19:54:42.985Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:54:42.998Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/recipes:v1.0.2@sha256:d61f230769c64948f1b2c56ec189666bb08821b02f383f4e0c299c35d2542cbc (alpine 3.12.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.6-r0 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -331,7 +331,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @actions/core | CVE-2020-15228 | MEDIUM | 1.2.0 | 1.2.6 |
Click to expand!http://packetstormsecurity.com/files/159794/GitHub-Widespread-Injection.html
https://github.com/actions/toolkit/security/advisories/GHSA-mfwh-5m23-j46w
https://github.com/advisories/GHSA-mfwh-5m23-j46w
https://nvd.nist.gov/vuln/detail/CVE-2020-15228
| @@ -343,7 +343,7 @@ | nth-check | CVE-2021-3803 | HIGH | 1.0.2 | 2.0.1 |
Click to expand!https://github.com/advisories/GHSA-rp65-9cf3-cjxr
https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | python-ldap | GHSA-r8wq-qrxc-hmcm | MEDIUM | 3.3.1 | 3.4.0 |
Click to expand!https://github.com/advisories/GHSA-r8wq-qrxc-hmcm
https://github.com/python-ldap/python-ldap/issues/424
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
| @@ -356,14 +356,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:48.281Z INFO Detected OS: alpine -2021-12-04T19:54:48.281Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:48.288Z INFO Number of language-specific files: 0 +2021-12-04T19:54:48.281Z INFO Detected OS: alpine +2021-12-04T19:54:48.281Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:48.288Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -391,16 +391,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:54:53.455Z INFO Detected OS: debian -2021-12-04T19:54:53.455Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:54:53.518Z INFO Number of language-specific files: 2 -2021-12-04T19:54:53.518Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:54:53.518Z INFO Detecting jar vulnerabilities... +2021-12-04T19:54:53.455Z INFO Detected OS: debian +2021-12-04T19:54:53.455Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:54:53.518Z INFO Number of language-specific files: 2 +2021-12-04T19:54:53.518Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:53.518Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -595,16 +595,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/reg/security.md b/docs/apps/stable/reg/security.md index 4a060692c17..740348d0f26 100644 --- a/docs/apps/stable/reg/security.md +++ b/docs/apps/stable/reg/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:04.941Z INFO Detected config files: 1 +2021-12-04T19:54:04.941Z INFO Detected config files: 1 #### reg/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:05.759Z INFO Detected OS: alpine -2021-12-04T19:54:05.759Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:05.767Z INFO Number of language-specific files: 0 +2021-12-04T19:54:05.759Z INFO Detected OS: alpine +2021-12-04T19:54:05.759Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:05.767Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/reg:v0.16.1@sha256:ae581387764a23c62c1386389e27358bac5088790904938264cb0bcd4e8c946c** -2021-12-04T19:54:10.068Z INFO Detected OS: ubuntu -2021-12-04T19:54:10.068Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:10.072Z INFO Number of language-specific files: 2 -2021-12-04T19:54:10.072Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:54:10.068Z INFO Detected OS: ubuntu +2021-12-04T19:54:10.068Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:10.072Z INFO Number of language-specific files: 2 +2021-12-04T19:54:10.072Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/reg:v0.16.1@sha256:ae581387764a23c62c1386389e27358bac5088790904938264cb0bcd4e8c946c (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -171,7 +171,7 @@ | perl-modules-5.30 | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.2.9 | v1.4.11, v1.5.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
https://ubuntu.com/security/notices/USN-5100-1
https://www.debian.org/security/2021/dsa-5002
| @@ -185,8 +185,7 @@ | github.com/opencontainers/runc | CVE-2019-19921 | HIGH | v0.1.1 | v1.0.0-rc9.0.20200122160610-2fc03cc11c77 |
Click to expand!http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
https://access.redhat.com/errata/RHSA-2020:0688
https://access.redhat.com/errata/RHSA-2020:0695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921
https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
https://github.com/opencontainers/runc/issues/2197
https://github.com/opencontainers/runc/pull/2190
https://github.com/opencontainers/runc/pull/2207
https://github.com/opencontainers/runc/releases
https://linux.oracle.com/cve/CVE-2019-19921.html
https://linux.oracle.com/errata/ELSA-2020-1650.html
https://security-tracker.debian.org/tracker/CVE-2019-19921
https://security.gentoo.org/glsa/202003-21
https://ubuntu.com/security/notices/USN-4297-1
https://usn.ubuntu.com/4297-1/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/remmina/security.md b/docs/apps/stable/remmina/security.md index f999f515639..0e06e0a1cd0 100644 --- a/docs/apps/stable/remmina/security.md +++ b/docs/apps/stable/remmina/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:43.607Z INFO Detected config files: 1 +2021-12-04T19:54:43.607Z INFO Detected config files: 1 #### remmina/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:44.408Z INFO Detected OS: alpine -2021-12-04T19:54:44.408Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:44.417Z INFO Number of language-specific files: 0 +2021-12-04T19:54:44.408Z INFO Detected OS: alpine +2021-12-04T19:54:44.408Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:44.417Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/remmina:version-1.2.0-rcgit.29dfsg-1ubuntu1@sha256:c7795b9222063e436c77a94436da5e1bcdc1b13891f936673369588830a5ae8d** -2021-12-04T19:54:46.555Z INFO Detected OS: ubuntu -2021-12-04T19:54:46.555Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:46.566Z INFO Number of language-specific files: 1 -2021-12-04T19:54:46.566Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:54:46.555Z INFO Detected OS: ubuntu +2021-12-04T19:54:46.555Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:46.566Z INFO Number of language-specific files: 1 +2021-12-04T19:54:46.566Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/remmina:version-1.2.0-rcgit.29dfsg-1ubuntu1@sha256:c7795b9222063e436c77a94436da5e1bcdc1b13891f936673369588830a5ae8d (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -298,9 +298,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/docs/apps/stable/resilio-sync/security.md b/docs/apps/stable/resilio-sync/security.md index 5b060d68200..8fe5ecb25ca 100644 --- a/docs/apps/stable/resilio-sync/security.md +++ b/docs/apps/stable/resilio-sync/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:45.053Z INFO Detected config files: 1 +2021-12-04T19:54:45.053Z INFO Detected config files: 1 #### resilio-sync/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:47.633Z INFO Detected OS: alpine -2021-12-04T19:54:47.633Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:47.643Z INFO Number of language-specific files: 0 +2021-12-04T19:54:47.633Z INFO Detected OS: alpine +2021-12-04T19:54:47.633Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:47.643Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/resilio-sync:version-2.7.2.1375@sha256:54f42485d39a7773ff2e13c27ebfc32fc448eaf13f8972f38e14eedadb0b3a2e** -2021-12-04T19:54:52.339Z INFO Detected OS: ubuntu -2021-12-04T19:54:52.339Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:54:52.342Z INFO Number of language-specific files: 0 +2021-12-04T19:54:52.339Z INFO Detected OS: ubuntu +2021-12-04T19:54:52.339Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:54:52.342Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/resilio-sync:version-2.7.2.1375@sha256:54f42485d39a7773ff2e13c27ebfc32fc448eaf13f8972f38e14eedadb0b3a2e (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -183,4 +183,3 @@ | passwd | CVE-2013-4235 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| - diff --git a/docs/apps/stable/sabnzbd/security.md b/docs/apps/stable/sabnzbd/security.md index f32eb00b4ab..f36e918568a 100644 --- a/docs/apps/stable/sabnzbd/security.md +++ b/docs/apps/stable/sabnzbd/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:54:54.455Z INFO Detected config files: 1 +2021-12-04T19:54:54.455Z INFO Detected config files: 1 #### sabnzbd/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:54:55.570Z INFO Detected OS: alpine -2021-12-04T19:54:55.570Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:54:55.583Z INFO Number of language-specific files: 0 +2021-12-04T19:54:55.570Z INFO Detected OS: alpine +2021-12-04T19:54:55.570Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:54:55.583Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/sabnzbd:v3.4.2@sha256:23f1fd8ff6709a1f11b08134f5463887efcfaa5aa1beadf32984d56b9b93c35d** -2021-12-04T19:55:00.638Z INFO Detected OS: ubuntu -2021-12-04T19:55:00.638Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:55:00.641Z INFO Number of language-specific files: 2 -2021-12-04T19:55:00.641Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:55:00.641Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:55:00.638Z INFO Detected OS: ubuntu +2021-12-04T19:55:00.638Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:55:00.641Z INFO Number of language-specific files: 2 +2021-12-04T19:55:00.641Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:55:00.641Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/sabnzbd:v3.4.2@sha256:23f1fd8ff6709a1f11b08134f5463887efcfaa5aa1beadf32984d56b9b93c35d (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -149,15 +149,14 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/ser2sock/security.md b/docs/apps/stable/ser2sock/security.md index 8976e57fa25..4bec5c0ecb2 100644 --- a/docs/apps/stable/ser2sock/security.md +++ b/docs/apps/stable/ser2sock/security.md @@ -4,7 +4,7 @@ ##### Scan Results -2021-12-04T19:55:29.375Z INFO Detected config files: 0 +2021-12-04T19:55:29.375Z INFO Detected config files: 0 | No Vulnerabilities found | |:---------------------------------| @@ -15,4 +15,3 @@ ##### Scan Results - diff --git a/docs/apps/stable/shiori/security.md b/docs/apps/stable/shiori/security.md index b8f5d978bfb..9c2a93f43c8 100644 --- a/docs/apps/stable/shiori/security.md +++ b/docs/apps/stable/shiori/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:55:50.174Z INFO Detected config files: 2 +2021-12-04T19:55:50.174Z INFO Detected config files: 2 #### shiori/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:55:53.657Z INFO Detected OS: alpine -2021-12-04T19:55:53.657Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:55:53.665Z INFO Number of language-specific files: 0 +2021-12-04T19:55:53.657Z INFO Detected OS: alpine +2021-12-04T19:55:53.657Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:55:53.665Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:55:55.004Z INFO Detected OS: debian -2021-12-04T19:55:55.005Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:55:55.041Z INFO Number of language-specific files: 2 -2021-12-04T19:55:55.041Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:55:55.042Z INFO Detecting jar vulnerabilities... +2021-12-04T19:55:55.004Z INFO Detected OS: debian +2021-12-04T19:55:55.005Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:55:55.041Z INFO Number of language-specific files: 2 +2021-12-04T19:55:55.041Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:55:55.042Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,28 +275,28 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/shiori:version-v1.5.0@sha256:6c6331888c9a5162def49b6212327242f7f5c96e2d5a1bb031f79321cc1c0549** -2021-12-04T19:56:03.324Z INFO Number of language-specific files: 1 -2021-12-04T19:56:03.324Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:56:03.324Z INFO Number of language-specific files: 1 +2021-12-04T19:56:03.324Z INFO Detecting gobinary vulnerabilities... #### go/bin/shiori - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20190701094942-4def268fd1a4 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| @@ -304,14 +304,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:04.946Z INFO Detected OS: alpine -2021-12-04T19:56:04.946Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:04.960Z INFO Number of language-specific files: 0 +2021-12-04T19:56:04.946Z INFO Detected OS: alpine +2021-12-04T19:56:04.946Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:04.960Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -339,16 +339,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:56:06.183Z INFO Detected OS: debian -2021-12-04T19:56:06.183Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:56:06.236Z INFO Number of language-specific files: 2 -2021-12-04T19:56:06.236Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:56:06.236Z INFO Detecting jar vulnerabilities... +2021-12-04T19:56:06.183Z INFO Detected OS: debian +2021-12-04T19:56:06.183Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:56:06.236Z INFO Number of language-specific files: 2 +2021-12-04T19:56:06.236Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:56:06.236Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -543,16 +543,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/shorturl/security.md b/docs/apps/stable/shorturl/security.md index 5b7c2366542..1c8b3b5232e 100644 --- a/docs/apps/stable/shorturl/security.md +++ b/docs/apps/stable/shorturl/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:55:45.195Z INFO Detected config files: 1 +2021-12-04T19:55:45.195Z INFO Detected config files: 1 #### shorturl/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:55:49.512Z INFO Detected OS: alpine -2021-12-04T19:55:49.512Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:55:49.521Z INFO Number of language-specific files: 0 +2021-12-04T19:55:49.512Z INFO Detected OS: alpine +2021-12-04T19:55:49.512Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:55:49.521Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/shorturl:version-v0.1.0@sha256:3893eab50b4d790958b31cbb7fd5d545369e7f91ee2d77551352a6510c86ba03** -2021-12-04T19:55:52.102Z INFO Number of language-specific files: 0 +2021-12-04T19:55:52.102Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/sickchill/security.md b/docs/apps/stable/sickchill/security.md index 531b954abb5..4780e01c8b1 100644 --- a/docs/apps/stable/sickchill/security.md +++ b/docs/apps/stable/sickchill/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:55:52.602Z INFO Detected config files: 1 +2021-12-04T19:55:52.602Z INFO Detected config files: 1 #### sickchill/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:55:54.295Z INFO Detected OS: alpine -2021-12-04T19:55:54.295Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:55:54.301Z INFO Number of language-specific files: 0 +2021-12-04T19:55:54.295Z INFO Detected OS: alpine +2021-12-04T19:55:54.295Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:55:54.301Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/sickchill:v2021.5.10-1-ls63@sha256:f9fd82d8c6d12bc85dcc7813b7216087efb006dc05104ce67386ec989be25dc4** -2021-12-04T19:56:01.534Z INFO Number of language-specific files: 1 -2021-12-04T19:56:01.534Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:56:01.534Z INFO Number of language-specific files: 1 +2021-12-04T19:56:01.534Z INFO Detecting python-pkg vulnerabilities... #### Python - + **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/sickgear/security.md b/docs/apps/stable/sickgear/security.md index be19d0d7441..6464eebf7e7 100644 --- a/docs/apps/stable/sickgear/security.md +++ b/docs/apps/stable/sickgear/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:56:04.011Z INFO Detected config files: 1 +2021-12-04T19:56:04.011Z INFO Detected config files: 1 #### sickgear/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:05.604Z INFO Detected OS: alpine -2021-12-04T19:56:05.605Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:05.620Z INFO Number of language-specific files: 0 +2021-12-04T19:56:05.604Z INFO Detected OS: alpine +2021-12-04T19:56:05.605Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:05.620Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/sickgear:version-release_0.25.4@sha256:6a78e9f784cf298552402143bee239858956f4783c7619e9a2b960c0d0d15d73** -2021-12-04T19:56:10.897Z INFO Number of language-specific files: 0 +2021-12-04T19:56:10.897Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/smokeping/security.md b/docs/apps/stable/smokeping/security.md index 325ef7d9953..976bf057228 100644 --- a/docs/apps/stable/smokeping/security.md +++ b/docs/apps/stable/smokeping/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:56:31.963Z INFO Detected config files: 1 +2021-12-04T19:56:31.963Z INFO Detected config files: 1 #### smokeping/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:33.193Z INFO Detected OS: alpine -2021-12-04T19:56:33.193Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:33.202Z INFO Number of language-specific files: 0 +2021-12-04T19:56:33.193Z INFO Detected OS: alpine +2021-12-04T19:56:33.193Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:33.202Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/smokeping:version-2.7.3-r5@sha256:e56ba2420901250afb865a7e03e43956dcff17503ce44c48b20064980a42f5a4** -2021-12-04T19:56:42.773Z INFO Number of language-specific files: 0 +2021-12-04T19:56:42.773Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/sonarr/security.md b/docs/apps/stable/sonarr/security.md index aa44f5c7bb4..38625eae526 100644 --- a/docs/apps/stable/sonarr/security.md +++ b/docs/apps/stable/sonarr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:56:44.447Z INFO Detected config files: 1 +2021-12-04T19:56:44.447Z INFO Detected config files: 1 #### sonarr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:56:45.218Z INFO Detected OS: alpine -2021-12-04T19:56:45.218Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:56:45.231Z INFO Number of language-specific files: 0 +2021-12-04T19:56:45.218Z INFO Detected OS: alpine +2021-12-04T19:56:45.218Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:56:45.231Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/sonarr:v3.0.6.1342@sha256:245800dc1c4304f8121bf0d3e5dda4251eb613b0dfe20e5975ceb9f88eaba8e6** -2021-12-04T19:57:01.803Z INFO Detected OS: ubuntu -2021-12-04T19:57:01.803Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:57:01.806Z INFO Number of language-specific files: 1 -2021-12-04T19:57:01.806Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:57:01.803Z INFO Detected OS: ubuntu +2021-12-04T19:57:01.803Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:57:01.806Z INFO Number of language-specific files: 1 +2021-12-04T19:57:01.806Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/sonarr:v3.0.6.1342@sha256:245800dc1c4304f8121bf0d3e5dda4251eb613b0dfe20e5975ceb9f88eaba8e6 (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -181,8 +181,7 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/speedtest-exporter/security.md b/docs/apps/stable/speedtest-exporter/security.md index dd52f59a0e2..5d5e5b3c487 100644 --- a/docs/apps/stable/speedtest-exporter/security.md +++ b/docs/apps/stable/speedtest-exporter/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:02.665Z INFO Detected config files: 1 +2021-12-04T19:57:02.665Z INFO Detected config files: 1 #### speedtest-exporter/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:03.873Z INFO Detected OS: alpine -2021-12-04T19:57:03.873Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:03.882Z INFO Number of language-specific files: 0 +2021-12-04T19:57:03.873Z INFO Detected OS: alpine +2021-12-04T19:57:03.873Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:03.882Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/speedtest-exporter:v3.3.4** -2021-12-04T19:57:09.310Z INFO Detected OS: alpine -2021-12-04T19:57:09.310Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:09.318Z INFO Number of language-specific files: 1 -2021-12-04T19:57:09.318Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:57:09.310Z INFO Detected OS: alpine +2021-12-04T19:57:09.310Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:09.318Z INFO Number of language-specific files: 1 +2021-12-04T19:57:09.318Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/speedtest-exporter:v3.3.4 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -97,9 +97,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/sqlitebrowser/security.md b/docs/apps/stable/sqlitebrowser/security.md index da5a8ae5dd4..83edd6fd0c2 100644 --- a/docs/apps/stable/sqlitebrowser/security.md +++ b/docs/apps/stable/sqlitebrowser/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:02.264Z INFO Detected config files: 1 +2021-12-04T19:57:02.264Z INFO Detected config files: 1 #### sqlitebrowser/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:03.304Z INFO Detected OS: alpine -2021-12-04T19:57:03.304Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:03.310Z INFO Number of language-specific files: 0 +2021-12-04T19:57:03.304Z INFO Detected OS: alpine +2021-12-04T19:57:03.304Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:03.310Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/sqlitebrowser:version-3.12.2-02876202105241947ubuntu18.04.1@sha256:fc18746d4b3c37355ef0015b34c9bdd1d023c528d05097bf6dc839d54234fc48** -2021-12-04T19:57:06.495Z INFO Detected OS: ubuntu -2021-12-04T19:57:06.495Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:57:06.506Z INFO Number of language-specific files: 1 -2021-12-04T19:57:06.506Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:57:06.495Z INFO Detected OS: ubuntu +2021-12-04T19:57:06.495Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:57:06.506Z INFO Number of language-specific files: 1 +2021-12-04T19:57:06.506Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/sqlitebrowser:version-3.12.2-02876202105241947ubuntu18.04.1@sha256:fc18746d4b3c37355ef0015b34c9bdd1d023c528d05097bf6dc839d54234fc48 (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -284,9 +284,8 @@ | xutils | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | deep-extend | CVE-2018-3750 | CRITICAL | 0.4.2 | 0.5.1 |
Click to expand!https://github.com/advisories/GHSA-hr2v-3952-633q
https://hackerone.com/reports/311333
https://nodesecurity.io/advisories/612
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
https://www.npmjs.com/advisories/612
| | deep-extend | NSWG-ECO-408 | LOW | 0.4.2 | >=0.5.1 |
Click to expand!https://hackerone.com/reports/311333
| - diff --git a/docs/apps/stable/stash/security.md b/docs/apps/stable/stash/security.md index 7857f219385..994b1cc347f 100644 --- a/docs/apps/stable/stash/security.md +++ b/docs/apps/stable/stash/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:23.328Z INFO Detected config files: 1 +2021-12-04T19:57:23.328Z INFO Detected config files: 1 #### stash/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:24.345Z INFO Detected OS: alpine -2021-12-04T19:57:24.345Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:24.360Z INFO Number of language-specific files: 0 +2021-12-04T19:57:24.345Z INFO Detected OS: alpine +2021-12-04T19:57:24.345Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:24.360Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,32 +61,29 @@ **Container: tccr.io/truecharts/stash:v0.11.0@sha256:8ce5c582a35c7ad8db0ef9e0bcfeb03bccfa1bc7e8432f36ec572f8e5a2fc97d** -2021-12-04T19:57:32.061Z INFO Detected OS: alpine -2021-12-04T19:57:32.061Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:32.084Z INFO Number of language-specific files: 2 -2021-12-04T19:57:32.084Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:57:32.085Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:57:32.061Z INFO Detected OS: alpine +2021-12-04T19:57:32.061Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:32.084Z INFO Number of language-specific files: 2 +2021-12-04T19:57:32.084Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:57:32.085Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/stash:v0.11.0@sha256:8ce5c582a35c7ad8db0ef9e0bcfeb03bccfa1bc7e8432f36ec572f8e5a2fc97d (alpine 3.14.3) - + **alpine** - + | No Vulnerabilities found | |:---------------------------------| - + **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/static/security.md b/docs/apps/stable/static/security.md index 7fa02b82fec..455e99b1249 100644 --- a/docs/apps/stable/static/security.md +++ b/docs/apps/stable/static/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:48.240Z INFO Detected config files: 1 +2021-12-04T19:57:48.240Z INFO Detected config files: 1 #### static/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:49.600Z INFO Detected OS: alpine -2021-12-04T19:57:49.600Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:49.606Z INFO Number of language-specific files: 0 +2021-12-04T19:57:49.600Z INFO Detected OS: alpine +2021-12-04T19:57:49.600Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:49.606Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,12 @@ **Container: tccr.io/truecharts/static:version-ee8a20c@sha256:5644e67d64d9c23330ffd83e62a99f268a801b6d76b67d07a998952de131e00b** -2021-12-04T19:57:52.038Z INFO Number of language-specific files: 1 -2021-12-04T19:57:52.038Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:57:52.038Z INFO Number of language-specific files: 1 +2021-12-04T19:57:52.038Z INFO Detecting gobinary vulnerabilities... #### go/bin/static - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/statping/security.md b/docs/apps/stable/statping/security.md index 554100818d9..a67e153a8be 100644 --- a/docs/apps/stable/statping/security.md +++ b/docs/apps/stable/statping/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:58:03.642Z INFO Detected config files: 2 +2021-12-04T19:58:03.642Z INFO Detected config files: 2 #### statping/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:04.723Z INFO Detected OS: alpine -2021-12-04T19:58:04.723Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:04.728Z INFO Number of language-specific files: 0 +2021-12-04T19:58:04.723Z INFO Detected OS: alpine +2021-12-04T19:58:04.723Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:04.728Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:58:05.556Z INFO Detected OS: debian -2021-12-04T19:58:05.557Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:58:05.594Z INFO Number of language-specific files: 2 -2021-12-04T19:58:05.594Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:05.603Z INFO Detecting jar vulnerabilities... +2021-12-04T19:58:05.556Z INFO Detected OS: debian +2021-12-04T19:58:05.557Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:58:05.594Z INFO Number of language-specific files: 2 +2021-12-04T19:58:05.594Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:05.603Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/statping:v0.90.74@sha256:1c7e6cf35253668dd55ab20dde3c3e10d2fefd31416963b81d63846b672f38ce** -2021-12-04T19:58:09.072Z INFO Detected OS: alpine -2021-12-04T19:58:09.072Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:09.073Z INFO Number of language-specific files: 1 -2021-12-04T19:58:09.073Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:09.072Z INFO Detected OS: alpine +2021-12-04T19:58:09.072Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:09.073Z INFO Number of language-specific files: 1 +2021-12-04T19:58:09.073Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/statping:v0.90.74@sha256:1c7e6cf35253668dd55ab20dde3c3e10d2fefd31416963b81d63846b672f38ce (alpine 3.12.3) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -365,7 +365,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r19 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/dgrijalva/jwt-go | CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
Click to expand!https://github.com/dgrijalva/jwt-go/pull/426
https://nvd.nist.gov/vuln/detail/CVE-2020-26160
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
| @@ -373,14 +373,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:09.949Z INFO Detected OS: alpine -2021-12-04T19:58:09.949Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:09.959Z INFO Number of language-specific files: 0 +2021-12-04T19:58:09.949Z INFO Detected OS: alpine +2021-12-04T19:58:09.949Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:09.959Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -408,16 +408,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:58:10.725Z INFO Detected OS: debian -2021-12-04T19:58:10.725Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:58:10.770Z INFO Number of language-specific files: 2 -2021-12-04T19:58:10.770Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:10.770Z INFO Detecting jar vulnerabilities... +2021-12-04T19:58:10.725Z INFO Detected OS: debian +2021-12-04T19:58:10.725Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:58:10.770Z INFO Number of language-specific files: 2 +2021-12-04T19:58:10.770Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:10.770Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -612,16 +612,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/syncthing/security.md b/docs/apps/stable/syncthing/security.md index 2385d47c974..b3cf4505aed 100644 --- a/docs/apps/stable/syncthing/security.md +++ b/docs/apps/stable/syncthing/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:57:57.764Z INFO Detected config files: 1 +2021-12-04T19:57:57.764Z INFO Detected config files: 1 #### syncthing/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:57:58.598Z INFO Detected OS: alpine -2021-12-04T19:57:58.598Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:57:58.605Z INFO Number of language-specific files: 0 +2021-12-04T19:57:58.598Z INFO Detected OS: alpine +2021-12-04T19:57:58.598Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:57:58.605Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/syncthing:v1.18.4@sha256:cc2bd691927ec19b9aac2d4a3e2330cb0ce9458dda761ead7dddd5f2d8338221** -2021-12-04T19:58:00.666Z INFO Detected OS: alpine -2021-12-04T19:58:00.666Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:00.668Z INFO Number of language-specific files: 1 -2021-12-04T19:58:00.668Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:00.666Z INFO Detected OS: alpine +2021-12-04T19:58:00.666Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:00.668Z INFO Number of language-specific files: 1 +2021-12-04T19:58:00.668Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/syncthing:v1.18.4@sha256:cc2bd691927ec19b9aac2d4a3e2330cb0ce9458dda761ead7dddd5f2d8338221 (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -96,9 +96,6 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/tautulli/security.md b/docs/apps/stable/tautulli/security.md index 79d324706f8..c3c814653df 100644 --- a/docs/apps/stable/tautulli/security.md +++ b/docs/apps/stable/tautulli/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:58:17.750Z INFO Detected config files: 1 +2021-12-04T19:58:17.750Z INFO Detected config files: 1 #### tautulli/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:18.899Z INFO Detected OS: alpine -2021-12-04T19:58:18.899Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:18.908Z INFO Number of language-specific files: 0 +2021-12-04T19:58:18.899Z INFO Detected OS: alpine +2021-12-04T19:58:18.899Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:18.908Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/tautulli:v2.7.7@sha256:c63a409b9d44b5018dfe72955609f6b25b70945976739cd28f1f0af6e73484df** -2021-12-04T19:58:22.626Z INFO Detected OS: ubuntu -2021-12-04T19:58:22.626Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:58:22.630Z INFO Number of language-specific files: 2 -2021-12-04T19:58:22.630Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:22.631Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T19:58:22.626Z INFO Detected OS: ubuntu +2021-12-04T19:58:22.626Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:58:22.630Z INFO Number of language-specific files: 2 +2021-12-04T19:58:22.630Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:22.631Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/tautulli:v2.7.7@sha256:c63a409b9d44b5018dfe72955609f6b25b70945976739cd28f1f0af6e73484df (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -148,15 +148,14 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04.1 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/teamspeak3/security.md b/docs/apps/stable/teamspeak3/security.md index dc1f2356d3f..5afbd026d36 100644 --- a/docs/apps/stable/teamspeak3/security.md +++ b/docs/apps/stable/teamspeak3/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:58:38.915Z INFO Detected config files: 1 +2021-12-04T19:58:38.915Z INFO Detected config files: 1 #### teamspeak3/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:43.063Z INFO Detected OS: alpine -2021-12-04T19:58:43.063Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:43.071Z INFO Number of language-specific files: 0 +2021-12-04T19:58:43.063Z INFO Detected OS: alpine +2021-12-04T19:58:43.063Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:43.071Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,15 @@ **Container: tccr.io/truecharts/teamspeak:v3.13.6@sha256:24acbeffda16a22105e06d60286e1c93d148c8467177feaf760bbe1ef3b9654c** -2021-12-04T19:58:47.002Z INFO Detected OS: alpine -2021-12-04T19:58:47.002Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:47.004Z INFO Number of language-specific files: 0 +2021-12-04T19:58:47.002Z INFO Detected OS: alpine +2021-12-04T19:58:47.002Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:47.004Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/teamspeak:v3.13.6@sha256:24acbeffda16a22105e06d60286e1c93d148c8467177feaf760bbe1ef3b9654c (alpine 3.13.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | libpq | CVE-2021-23214 | HIGH | 13.4-r0 | 13.5-r0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23214
https://ubuntu.com/security/notices/USN-5145-1
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
| | libpq | CVE-2021-23222 | LOW | 13.4-r0 | 13.5-r0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23222
https://ubuntu.com/security/notices/USN-5145-1
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
| - diff --git a/docs/apps/stable/teedy/security.md b/docs/apps/stable/teedy/security.md index 7b9f7b5aafa..bda77fe291b 100644 --- a/docs/apps/stable/teedy/security.md +++ b/docs/apps/stable/teedy/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:58:52.691Z INFO Detected config files: 2 +2021-12-04T19:58:52.691Z INFO Detected config files: 2 #### teedy/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:58:53.599Z INFO Detected OS: alpine -2021-12-04T19:58:53.599Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:58:53.606Z INFO Number of language-specific files: 0 +2021-12-04T19:58:53.599Z INFO Detected OS: alpine +2021-12-04T19:58:53.599Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:58:53.606Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:58:54.448Z INFO Detected OS: debian -2021-12-04T19:58:54.448Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:58:54.506Z INFO Number of language-specific files: 2 -2021-12-04T19:58:54.506Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:58:54.506Z INFO Detecting jar vulnerabilities... +2021-12-04T19:58:54.448Z INFO Detected OS: debian +2021-12-04T19:58:54.448Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:58:54.506Z INFO Number of language-specific files: 2 +2021-12-04T19:58:54.506Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:58:54.506Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/docs:v1.9@sha256:23e9053e5eb837b31ae08bc770865827c7a2dc49dfc46fa2eba55f18fe8b21da** -2021-12-04T19:59:18.424Z INFO Detected OS: ubuntu -2021-12-04T19:59:18.424Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:59:18.436Z INFO Number of language-specific files: 1 -2021-12-04T19:59:18.436Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:18.424Z INFO Detected OS: ubuntu +2021-12-04T19:59:18.424Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:59:18.436Z INFO Number of language-specific files: 1 +2021-12-04T19:59:18.436Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/docs:v1.9@sha256:23e9053e5eb837b31ae08bc770865827c7a2dc49dfc46fa2eba55f18fe8b21da (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2018-0501 | HIGH | 1.6~alpha7ubuntu2 | 1.6.3ubuntu0.1 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501
https://mirror.fail
https://mirror.fail/
https://salsa.debian.org/apt-team/apt/commit/29658a3a74af49e2a24e17bdebb20e1612aac3ec
https://salsa.debian.org/apt-team/apt/commit/aebd4278bacc728ab00ebe31556983e140f60e47
https://ubuntu.com/security/notices/USN-3746-1
https://usn.ubuntu.com/3746-1/
| @@ -1508,7 +1508,7 @@ | xxd | CVE-2021-3903 | LOW | 2:8.0.1453-1ubuntu1 | 2:8.0.1453-1ubuntu1.7 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3903
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN4EX7BPQU7RP6PXCNCSDORUZBXQ4JUH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DU26T75PYA3OF7XJGNKMT2ZCQEU4UKP5/
https://ubuntu.com/security/notices/USN-5147-1
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2020-8908 | LOW | 28.2-jre | 30.0 |
Click to expand!https://github.com/advisories/GHSA-5mg8-w23w-74h3
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -1566,14 +1566,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:19.875Z INFO Detected OS: alpine -2021-12-04T19:59:19.875Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:19.881Z INFO Number of language-specific files: 0 +2021-12-04T19:59:19.875Z INFO Detected OS: alpine +2021-12-04T19:59:19.875Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:19.881Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -1601,16 +1601,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:59:36.837Z INFO Detected OS: debian -2021-12-04T19:59:36.837Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:36.891Z INFO Number of language-specific files: 2 -2021-12-04T19:59:36.891Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:59:36.891Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:36.837Z INFO Detected OS: debian +2021-12-04T19:59:36.837Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:36.891Z INFO Number of language-specific files: 2 +2021-12-04T19:59:36.891Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:36.891Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -1805,16 +1805,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/thelounge/security.md b/docs/apps/stable/thelounge/security.md index 49105887670..22cac9698da 100644 --- a/docs/apps/stable/thelounge/security.md +++ b/docs/apps/stable/thelounge/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:59:19.289Z INFO Detected config files: 1 +2021-12-04T19:59:19.289Z INFO Detected config files: 1 #### thelounge/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:21.037Z INFO Detected OS: alpine -2021-12-04T19:59:21.037Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:21.050Z INFO Number of language-specific files: 0 +2021-12-04T19:59:21.037Z INFO Detected OS: alpine +2021-12-04T19:59:21.037Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:21.050Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/thelounge:v4.3.0@sha256:642d2b46f679b666e7b7458e761de135b7fb6761e986a8bcb620d81803195051** -2021-12-04T19:59:34.722Z INFO Detected OS: debian -2021-12-04T19:59:34.722Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:34.863Z INFO Number of language-specific files: 1 -2021-12-04T19:59:34.863Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T19:59:34.722Z INFO Detected OS: debian +2021-12-04T19:59:34.722Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:34.863Z INFO Number of language-specific files: 1 +2021-12-04T19:59:34.863Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/thelounge:v4.3.0@sha256:642d2b46f679b666e7b7458e761de135b7fb6761e986a8bcb620d81803195051 (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -822,7 +822,7 @@ | wget | CVE-2021-31879 | MEDIUM | 1.21-1 | |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -833,4 +833,3 @@ | tar | CVE-2021-37701 | HIGH | 2.2.2 | 6.1.7, 5.0.8, 4.4.16 |
Click to expand!https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 2.2.2 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 2.2.2 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/stable/traccar/security.md b/docs/apps/stable/traccar/security.md index a22dd1e1002..7a6ca47112f 100644 --- a/docs/apps/stable/traccar/security.md +++ b/docs/apps/stable/traccar/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T19:59:20.429Z INFO Detected config files: 2 +2021-12-04T19:59:20.429Z INFO Detected config files: 2 #### traccar/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:24.066Z INFO Detected OS: alpine -2021-12-04T19:59:24.066Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:24.071Z INFO Number of language-specific files: 0 +2021-12-04T19:59:24.066Z INFO Detected OS: alpine +2021-12-04T19:59:24.066Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:24.071Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:59:36.029Z INFO Detected OS: debian -2021-12-04T19:59:36.029Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:36.071Z INFO Number of language-specific files: 2 -2021-12-04T19:59:36.071Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:59:36.071Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:36.029Z INFO Detected OS: debian +2021-12-04T19:59:36.029Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:36.071Z INFO Number of language-specific files: 2 +2021-12-04T19:59:36.071Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:36.071Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,30 +275,30 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/traccar:v4.14@sha256:39fe3c8c65caef00ab79591c98b383432fe2d21bf745c925df6fd7891ce6fe78** -2021-12-04T19:59:47.923Z INFO Detected OS: alpine -2021-12-04T19:59:47.923Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:47.927Z INFO Number of language-specific files: 1 -2021-12-04T19:59:47.927Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:47.923Z INFO Detected OS: alpine +2021-12-04T19:59:47.923Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:47.927Z INFO Number of language-specific files: 1 +2021-12-04T19:59:47.927Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/traccar:v4.14@sha256:39fe3c8c65caef00ab79591c98b383432fe2d21bf745c925df6fd7891ce6fe78 (alpine 3.14.1) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -329,7 +329,7 @@ | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Click to expand!https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **jar** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ch.qos.logback:logback-core | CVE-2017-5929 | CRITICAL | 1.1.3 | 1.2.0 |
Click to expand!http://www.cvedetails.com/cve/CVE-2017-5929/
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2017:1832
https://access.redhat.com/errata/RHSA-2018:2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
https://logback.qos.ch/news.html
https://nvd.nist.gov/vuln/detail/CVE-2017-5929
| @@ -357,14 +357,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:49.454Z INFO Detected OS: alpine -2021-12-04T19:59:49.454Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:49.460Z INFO Number of language-specific files: 0 +2021-12-04T19:59:49.454Z INFO Detected OS: alpine +2021-12-04T19:59:49.454Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:49.460Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -392,16 +392,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T19:59:56.847Z INFO Detected OS: debian -2021-12-04T19:59:56.847Z INFO Detecting Debian vulnerabilities... -2021-12-04T19:59:56.892Z INFO Number of language-specific files: 2 -2021-12-04T19:59:56.892Z INFO Detecting gobinary vulnerabilities... -2021-12-04T19:59:56.892Z INFO Detecting jar vulnerabilities... +2021-12-04T19:59:56.847Z INFO Detected OS: debian +2021-12-04T19:59:56.847Z INFO Detecting Debian vulnerabilities... +2021-12-04T19:59:56.892Z INFO Number of language-specific files: 2 +2021-12-04T19:59:56.892Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:56.892Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -596,16 +596,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/transmission/security.md b/docs/apps/stable/transmission/security.md index 340175d3b1f..0f5bf45f808 100644 --- a/docs/apps/stable/transmission/security.md +++ b/docs/apps/stable/transmission/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T19:59:35.444Z INFO Detected config files: 1 +2021-12-04T19:59:35.444Z INFO Detected config files: 1 #### transmission/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T19:59:48.678Z INFO Detected OS: alpine -2021-12-04T19:59:48.678Z INFO Detecting Alpine vulnerabilities... -2021-12-04T19:59:48.685Z INFO Number of language-specific files: 0 +2021-12-04T19:59:48.678Z INFO Detected OS: alpine +2021-12-04T19:59:48.678Z INFO Detecting Alpine vulnerabilities... +2021-12-04T19:59:48.685Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/transmission:v3.00@sha256:9a4f48483b93f74394b69555c9324c746414836de247fbeafec5f53c0b077b9f** -2021-12-04T19:59:56.219Z INFO Detected OS: ubuntu -2021-12-04T19:59:56.219Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T19:59:56.222Z INFO Number of language-specific files: 1 -2021-12-04T19:59:56.222Z INFO Detecting gobinary vulnerabilities... +2021-12-04T19:59:56.219Z INFO Detected OS: ubuntu +2021-12-04T19:59:56.219Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T19:59:56.222Z INFO Number of language-specific files: 1 +2021-12-04T19:59:56.222Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/transmission:v3.00@sha256:9a4f48483b93f74394b69555c9324c746414836de247fbeafec5f53c0b077b9f (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -161,8 +161,7 @@ | unrar | CVE-2018-25018 | MEDIUM | 1:5.6.6-2build1 | |
Click to expand!https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25018
https://github.com/aawc/unrar/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/truecommand/security.md b/docs/apps/stable/truecommand/security.md index 95b6ebd4271..25bf5867e47 100644 --- a/docs/apps/stable/truecommand/security.md +++ b/docs/apps/stable/truecommand/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:00:11.664Z INFO Detected config files: 1 +2021-12-04T20:00:11.664Z INFO Detected config files: 1 #### truecommand/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:13.087Z INFO Detected OS: alpine -2021-12-04T20:00:13.087Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:13.106Z INFO Number of language-specific files: 0 +2021-12-04T20:00:13.087Z INFO Detected OS: alpine +2021-12-04T20:00:13.087Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:13.106Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/truecommand:v2.0.2@sha256:adee76b6a9149ea15dc56e8e6692f6cc60355cfb83c55a7a94a117923dc67ad0** -2021-12-04T20:00:33.910Z INFO Detected OS: debian -2021-12-04T20:00:33.910Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:00:33.962Z INFO Number of language-specific files: 5 -2021-12-04T20:00:33.962Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:33.964Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:00:33.910Z INFO Detected OS: debian +2021-12-04T20:00:33.910Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:00:33.962Z INFO Number of language-specific files: 5 +2021-12-04T20:00:33.962Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:33.964Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/truecommand:v2.0.2@sha256:adee76b6a9149ea15dc56e8e6692f6cc60355cfb83c55a7a94a117923dc67ad0 (debian 10.4) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2020-27350 | MEDIUM | 1.8.2.1 | 1.8.2.2 |
Click to expand!https://bugs.launchpad.net/bugs/1899193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350
https://security.netapp.com/advisory/ntap-20210108-0005/
https://ubuntu.com/security/notices/USN-4667-1
https://ubuntu.com/security/notices/USN-4667-2
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
| @@ -379,14 +379,14 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/buger/jsonparser | CVE-2020-10675 | HIGH | v0.0.0-20191004114745-ee4c978eae7e | v0.0.0-20200321185410-91ac96899e49 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10675
https://github.com/buger/jsonparser/issues/188
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/
https://nvd.nist.gov/vuln/detail/CVE-2020-10675
| @@ -396,7 +396,7 @@ | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/buger/jsonparser | CVE-2020-10675 | HIGH | v0.0.0-20191004114745-ee4c978eae7e | v0.0.0-20200321185410-91ac96899e49 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10675
https://github.com/buger/jsonparser/issues/188
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/
https://nvd.nist.gov/vuln/detail/CVE-2020-10675
| @@ -406,15 +406,12 @@ | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/tt-rss/security.md b/docs/apps/stable/tt-rss/security.md index e9cd4976ab5..fb2206b7364 100644 --- a/docs/apps/stable/tt-rss/security.md +++ b/docs/apps/stable/tt-rss/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T20:00:34.938Z INFO Detected config files: 2 +2021-12-04T20:00:34.938Z INFO Detected config files: 2 #### tt-rss/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:37.814Z INFO Detected OS: alpine -2021-12-04T20:00:37.814Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:37.827Z INFO Number of language-specific files: 0 +2021-12-04T20:00:37.814Z INFO Detected OS: alpine +2021-12-04T20:00:37.814Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:37.827Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:00:39.013Z INFO Detected OS: debian -2021-12-04T20:00:39.013Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:00:39.060Z INFO Number of language-specific files: 2 -2021-12-04T20:00:39.060Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:39.061Z INFO Detecting jar vulnerabilities... +2021-12-04T20:00:39.013Z INFO Detected OS: debian +2021-12-04T20:00:39.013Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:00:39.060Z INFO Number of language-specific files: 2 +2021-12-04T20:00:39.060Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:39.061Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/tt-rss:v1.9075.0@sha256:9779b47027627c16b3f6c0e69b9a5c7964a7b701ff8ccc6b1f0a7d5d371c7c6b** -2021-12-04T20:00:47.176Z INFO Detected OS: ubuntu -2021-12-04T20:00:47.176Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T20:00:47.181Z INFO Number of language-specific files: 4 -2021-12-04T20:00:47.181Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:47.181Z INFO Detecting composer vulnerabilities... -2021-12-04T20:00:47.181Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:00:47.176Z INFO Detected OS: ubuntu +2021-12-04T20:00:47.176Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T20:00:47.181Z INFO Number of language-specific files: 4 +2021-12-04T20:00:47.181Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:47.181Z INFO Detecting composer vulnerabilities... +2021-12-04T20:00:47.181Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/tt-rss:v1.9075.0@sha256:9779b47027627c16b3f6c0e69b9a5c7964a7b701ff8ccc6b1f0a7d5d371c7c6b (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -414,42 +414,42 @@ | python3.8-minimal | CVE-2021-23336 | LOW | 3.8.10-0ubuntu1~20.04 | |
Click to expand!http://www.openwall.com/lists/oss-security/2021/02/19/4
http://www.openwall.com/lists/oss-security/2021/05/01/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
https://github.com/python/cpython/pull/24297
https://linux.oracle.com/cve/CVE-2021-23336.html
https://linux.oracle.com/errata/ELSA-2021-1633.html
https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E
https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210326-0004/
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
https://ubuntu.com/security/notices/USN-4742-1
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| **node-pkg** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **composer** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:48.308Z INFO Detected OS: alpine -2021-12-04T20:00:48.308Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:48.317Z INFO Number of language-specific files: 0 +2021-12-04T20:00:48.308Z INFO Detected OS: alpine +2021-12-04T20:00:48.308Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:48.317Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -477,16 +477,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:00:59.789Z INFO Detected OS: debian -2021-12-04T20:00:59.789Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:00:59.824Z INFO Number of language-specific files: 2 -2021-12-04T20:00:59.824Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:00:59.824Z INFO Detecting jar vulnerabilities... +2021-12-04T20:00:59.789Z INFO Detected OS: debian +2021-12-04T20:00:59.789Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:00:59.824Z INFO Number of language-specific files: 2 +2021-12-04T20:00:59.824Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:00:59.824Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -681,16 +681,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/tvheadend/security.md b/docs/apps/stable/tvheadend/security.md index a56aa676b80..8b88580a1de 100644 --- a/docs/apps/stable/tvheadend/security.md +++ b/docs/apps/stable/tvheadend/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:00:47.706Z INFO Detected config files: 1 +2021-12-04T20:00:47.706Z INFO Detected config files: 1 #### tvheadend/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:49.278Z INFO Detected OS: alpine -2021-12-04T20:00:49.278Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:49.287Z INFO Number of language-specific files: 0 +2021-12-04T20:00:49.278Z INFO Detected OS: alpine +2021-12-04T20:00:49.278Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:49.287Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/tvheadend:version-63784405@sha256:55617b2f0e1a9d9cefb853c5d52f3729da88c9662ad18813e688201dbe3aee9a** -2021-12-04T20:00:58.606Z INFO Number of language-specific files: 0 +2021-12-04T20:00:58.606Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/twtxt/security.md b/docs/apps/stable/twtxt/security.md index bbbf074281a..04f5a290525 100644 --- a/docs/apps/stable/twtxt/security.md +++ b/docs/apps/stable/twtxt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:00:49.795Z INFO Detected config files: 1 +2021-12-04T20:00:49.795Z INFO Detected config files: 1 #### twtxt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:00:59.162Z INFO Detected OS: alpine -2021-12-04T20:00:59.162Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:00:59.175Z INFO Number of language-specific files: 0 +2021-12-04T20:00:59.162Z INFO Detected OS: alpine +2021-12-04T20:00:59.162Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:00:59.175Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,14 @@ **Container: tccr.io/truecharts/twtxt:version-0.1.1@sha256:9f34f0557d2a46aa7952c55f5a368c130659fafa0780785a647721edd001cdaa** -2021-12-04T20:01:04.681Z INFO Number of language-specific files: 1 -2021-12-04T20:01:04.681Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:01:04.681Z INFO Number of language-specific files: 1 +2021-12-04T20:01:04.681Z INFO Detecting gobinary vulnerabilities... #### app/twtd - + **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/dgrijalva/jwt-go | CVE-2020-26160 | HIGH | v3.2.0+incompatible | |
Click to expand!https://github.com/dgrijalva/jwt-go/pull/426
https://nvd.nist.gov/vuln/detail/CVE-2020-26160
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
| | golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200709230013-948cd5f35899 | v0.0.0-20201216223049-8b5274cf687f |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://linux.oracle.com/cve/CVE-2020-29652.html
https://linux.oracle.com/errata/ELSA-2021-1796.html
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-29652
| - diff --git a/docs/apps/stable/unifi/security.md b/docs/apps/stable/unifi/security.md index 06eca42d2b4..d6de5e30155 100644 --- a/docs/apps/stable/unifi/security.md +++ b/docs/apps/stable/unifi/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:06.079Z INFO Detected config files: 1 +2021-12-04T20:01:06.079Z INFO Detected config files: 1 #### unifi/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:07.015Z INFO Detected OS: alpine -2021-12-04T20:01:07.015Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:07.047Z INFO Number of language-specific files: 0 +2021-12-04T20:01:07.015Z INFO Detected OS: alpine +2021-12-04T20:01:07.015Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:07.047Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,14 +61,14 @@ **Container: tccr.io/truecharts/unifi:v6.5.53@sha256:c6cf26dcd8e73e95503a9a8fb5ab36458c05c724b33add8dc1a6152648f33d3d** -2021-12-04T20:01:36.779Z INFO Detected OS: ubuntu -2021-12-04T20:01:36.780Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T20:01:36.786Z INFO Number of language-specific files: 0 +2021-12-04T20:01:36.779Z INFO Detected OS: ubuntu +2021-12-04T20:01:36.780Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T20:01:36.786Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/unifi:v6.5.53@sha256:c6cf26dcd8e73e95503a9a8fb5ab36458c05c724b33add8dc1a6152648f33d3d (ubuntu 18.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 4.4.18-2ubuntu1.2 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -214,4 +214,3 @@ | passwd | CVE-2018-7169 | LOW | 1:4.5-1ubuntu2 | |
Click to expand!https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
| | perl-base | CVE-2020-16156 | MEDIUM | 5.26.1-6ubuntu0.5 | |
Click to expand!http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
| | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu7.1 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| - diff --git a/docs/apps/stable/unpackerr/security.md b/docs/apps/stable/unpackerr/security.md index 535a387968a..37ceef7439a 100644 --- a/docs/apps/stable/unpackerr/security.md +++ b/docs/apps/stable/unpackerr/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:46.149Z INFO Detected config files: 1 +2021-12-04T20:01:46.149Z INFO Detected config files: 1 #### unpackerr/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:46.934Z INFO Detected OS: alpine -2021-12-04T20:01:46.934Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:46.946Z INFO Number of language-specific files: 0 +2021-12-04T20:01:46.934Z INFO Detected OS: alpine +2021-12-04T20:01:46.934Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:46.946Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/unpackerr:v0.9.8@sha256:a76546d014ad85dac797bbb3d7753d1c0b5778ea907a7f2b21dad908a1c7712c** -2021-12-04T20:01:49.496Z INFO Number of language-specific files: 0 +2021-12-04T20:01:49.496Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/unpoller/security.md b/docs/apps/stable/unpoller/security.md index 7e37743a380..e0760419368 100644 --- a/docs/apps/stable/unpoller/security.md +++ b/docs/apps/stable/unpoller/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:52.263Z INFO Detected config files: 1 +2021-12-04T20:01:52.263Z INFO Detected config files: 1 #### unpoller/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:53.858Z INFO Detected OS: alpine -2021-12-04T20:01:53.858Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:53.864Z INFO Number of language-specific files: 0 +2021-12-04T20:01:53.858Z INFO Detected OS: alpine +2021-12-04T20:01:53.858Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:53.864Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,8 +61,7 @@ **Container: tccr.io/truecharts/unifi-poller:v2.1.3@sha256:2d6cd1f4cdc3d8522d697830f69ca12aa2fe24fda4e5476610af6e0b5c0597e9** -2021-12-04T20:01:57.370Z INFO Number of language-specific files: 0 +2021-12-04T20:01:57.370Z INFO Number of language-specific files: 0 | No Vulnerabilities found | |:---------------------------------| - diff --git a/docs/apps/stable/uptime-kuma/security.md b/docs/apps/stable/uptime-kuma/security.md index 93bce54bf4d..3c43870623d 100644 --- a/docs/apps/stable/uptime-kuma/security.md +++ b/docs/apps/stable/uptime-kuma/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:01:52.960Z INFO Detected config files: 1 +2021-12-04T20:01:52.960Z INFO Detected config files: 1 #### uptime-kuma/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:01:54.994Z INFO Detected OS: alpine -2021-12-04T20:01:54.994Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:01:55.002Z INFO Number of language-specific files: 0 +2021-12-04T20:01:54.994Z INFO Detected OS: alpine +2021-12-04T20:01:54.994Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:01:55.002Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,16 +61,16 @@ **Container: tccr.io/truecharts/uptime-kuma:v1.10.2-debian@sha256:002dbdff764a1d26278efadeecacc62602e3aba7714317afd83ec501a2b71769** -2021-12-04T20:02:07.954Z INFO Detected OS: debian -2021-12-04T20:02:07.954Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:02:07.977Z INFO Number of language-specific files: 2 -2021-12-04T20:02:07.977Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T20:02:08.009Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:02:07.954Z INFO Detected OS: debian +2021-12-04T20:02:07.954Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:02:07.977Z INFO Number of language-specific files: 2 +2021-12-04T20:02:07.977Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:02:08.009Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/uptime-kuma:v1.10.2-debian@sha256:002dbdff764a1d26278efadeecacc62602e3aba7714317afd83ec501a2b71769 (debian 10.10) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -246,7 +246,7 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -254,9 +254,6 @@ | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/uptimerobot-prometheus/security.md b/docs/apps/stable/uptimerobot-prometheus/security.md index 06fc0c57414..5efc0f968ee 100644 --- a/docs/apps/stable/uptimerobot-prometheus/security.md +++ b/docs/apps/stable/uptimerobot-prometheus/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:02:22.608Z INFO Detected config files: 1 +2021-12-04T20:02:22.608Z INFO Detected config files: 1 #### uptimerobot-prometheus/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:23.308Z INFO Detected OS: alpine -2021-12-04T20:02:23.309Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:23.316Z INFO Number of language-specific files: 0 +2021-12-04T20:02:23.308Z INFO Detected OS: alpine +2021-12-04T20:02:23.309Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:23.316Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/prometheus-uptimerobot-exporter:v0.0.1@sha256:c73a86e73ab47e0974eb3d6bd6ce5834befe8363979a9da2b53922b630ec084a** -2021-12-04T20:02:26.416Z INFO Detected OS: alpine -2021-12-04T20:02:26.416Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:26.424Z INFO Number of language-specific files: 1 -2021-12-04T20:02:26.424Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:02:26.416Z INFO Detected OS: alpine +2021-12-04T20:02:26.416Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:26.424Z INFO Number of language-specific files: 1 +2021-12-04T20:02:26.424Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/prometheus-uptimerobot-exporter:v0.0.1@sha256:c73a86e73ab47e0974eb3d6bd6ce5834befe8363979a9da2b53922b630ec084a (alpine 3.12.0) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -154,11 +154,10 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r16 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | pip | CVE-2021-28363 | MEDIUM | 20.1.1 | 21.1 |
Click to expand!https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| | pip | CVE-2021-3572 | MEDIUM | 20.1.1 | 21.1 |
Click to expand!https://access.redhat.com/errata/RHSA-2021:3254
https://bugzilla.redhat.com/show_bug.cgi?id=1962856
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
https://github.com/pypa/pip/pull/9827
https://linux.oracle.com/cve/CVE-2021-3572.html
https://linux.oracle.com/errata/ELSA-2021-4455.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3572
https://packetstormsecurity.com/files/162712/USN-4961-1.txt
| | pip | pyup.io-42218 | UNKNOWN | 20.1.1 | 21.1 |
Click to expand!
| | urllib3 | CVE-2021-33503 | HIGH | 1.25.9 | 1.26.5 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
https://nvd.nist.gov/vuln/detail/CVE-2021-33503
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| - diff --git a/docs/apps/stable/valheim/security.md b/docs/apps/stable/valheim/security.md index b168b5c9887..914d8531d3b 100644 --- a/docs/apps/stable/valheim/security.md +++ b/docs/apps/stable/valheim/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:02:35.141Z INFO Detected config files: 1 +2021-12-04T20:02:35.141Z INFO Detected config files: 1 #### valheim/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:36.782Z INFO Detected OS: alpine -2021-12-04T20:02:36.782Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:36.790Z INFO Number of language-specific files: 0 +2021-12-04T20:02:36.782Z INFO Detected OS: alpine +2021-12-04T20:02:36.782Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:36.790Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/valheim-server:latest@sha256:12a0e638db1b54e93af61d8a94c275224ec8524e65304f058eff34dfdbaafef0** -2021-12-04T20:02:52.094Z INFO Detected OS: debian -2021-12-04T20:02:52.094Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:02:52.177Z INFO Number of language-specific files: 1 -2021-12-04T20:02:52.177Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:02:52.094Z INFO Detected OS: debian +2021-12-04T20:02:52.094Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:02:52.177Z INFO Number of language-specific files: 1 +2021-12-04T20:02:52.177Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/valheim-server:latest@sha256:12a0e638db1b54e93af61d8a94c275224ec8524e65304f058eff34dfdbaafef0 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -491,9 +491,6 @@ | zip | CVE-2018-13410 | LOW | 3.0-11 | |
Click to expand!http://seclists.org/fulldisclosure/2018/Jul/24
| **python-pkg** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/vaultwarden/security.md b/docs/apps/stable/vaultwarden/security.md index 6bbd18ea17f..bd38f2ddf3e 100644 --- a/docs/apps/stable/vaultwarden/security.md +++ b/docs/apps/stable/vaultwarden/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T20:02:54.062Z INFO Detected config files: 2 +2021-12-04T20:02:54.062Z INFO Detected config files: 2 #### vaultwarden/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:56.947Z INFO Detected OS: alpine -2021-12-04T20:02:56.947Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:56.955Z INFO Number of language-specific files: 0 +2021-12-04T20:02:56.947Z INFO Detected OS: alpine +2021-12-04T20:02:56.947Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:56.955Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:02:58.241Z INFO Detected OS: debian -2021-12-04T20:02:58.241Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:02:58.303Z INFO Number of language-specific files: 2 -2021-12-04T20:02:58.303Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:02:58.303Z INFO Detecting jar vulnerabilities... +2021-12-04T20:02:58.241Z INFO Detected OS: debian +2021-12-04T20:02:58.241Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:02:58.303Z INFO Number of language-specific files: 2 +2021-12-04T20:02:58.303Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:02:58.303Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,29 +275,29 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/vaultwarden:v1.23.0@sha256:1e65dd23569e566576c3c80de76f711e0b9fc5e29a39d45f49f0a44d1282d869** -2021-12-04T20:03:07.218Z INFO Detected OS: debian -2021-12-04T20:03:07.218Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:07.308Z INFO Number of language-specific files: 0 +2021-12-04T20:03:07.218Z INFO Detected OS: debian +2021-12-04T20:03:07.218Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:07.308Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/vaultwarden:v1.23.0@sha256:1e65dd23569e566576c3c80de76f711e0b9fc5e29a39d45f49f0a44d1282d869 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -608,14 +608,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:08.318Z INFO Detected OS: alpine -2021-12-04T20:03:08.318Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:08.324Z INFO Number of language-specific files: 0 +2021-12-04T20:03:08.318Z INFO Detected OS: alpine +2021-12-04T20:03:08.318Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:08.324Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -643,16 +643,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:03:09.114Z INFO Detected OS: debian -2021-12-04T20:03:09.114Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:09.161Z INFO Number of language-specific files: 2 -2021-12-04T20:03:09.161Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:03:09.161Z INFO Detecting jar vulnerabilities... +2021-12-04T20:03:09.114Z INFO Detected OS: debian +2021-12-04T20:03:09.114Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:09.161Z INFO Number of language-specific files: 2 +2021-12-04T20:03:09.161Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:03:09.161Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -847,16 +847,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/whoogle/security.md b/docs/apps/stable/whoogle/security.md index bf0293241fc..a5aef80eff6 100644 --- a/docs/apps/stable/whoogle/security.md +++ b/docs/apps/stable/whoogle/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:02:54.735Z INFO Detected config files: 1 +2021-12-04T20:02:54.735Z INFO Detected config files: 1 #### whoogle/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:02:57.621Z INFO Detected OS: alpine -2021-12-04T20:02:57.621Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:02:57.628Z INFO Number of language-specific files: 0 +2021-12-04T20:02:57.621Z INFO Detected OS: alpine +2021-12-04T20:02:57.621Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:02:57.628Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/whoogle-search:v0.6.0@sha256:3eeb08a974169f6f1abd884d0923a86d594f9d41c881c7558cb1cbe8dfeb454f** -2021-12-04T20:03:02.134Z INFO Detected OS: debian -2021-12-04T20:03:02.134Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:02.167Z INFO Number of language-specific files: 1 -2021-12-04T20:03:02.167Z INFO Detecting python-pkg vulnerabilities... +2021-12-04T20:03:02.134Z INFO Detected OS: debian +2021-12-04T20:03:02.134Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:02.167Z INFO Number of language-specific files: 1 +2021-12-04T20:03:02.167Z INFO Detecting python-pkg vulnerabilities... #### tccr.io/truecharts/whoogle-search:v0.6.0@sha256:3eeb08a974169f6f1abd884d0923a86d594f9d41c881c7558cb1cbe8dfeb454f (debian 11.1) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -199,8 +199,7 @@ | tor-geoipdb | CVE-2020-8516 | LOW | 0.4.5.10-1~deb11u1 | |
Click to expand!https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html
https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
https://security-tracker.debian.org/tracker/CVE-2020-8516
https://trac.torproject.org/projects/tor/ticket/33129
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
| **python-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | Werkzeug | pyup.io-42050 | UNKNOWN | 0.16.0 | 2.0.2 |
Click to expand!
| - diff --git a/docs/apps/stable/wiki/security.md b/docs/apps/stable/wiki/security.md index f18b9faba7b..ac437d701b3 100644 --- a/docs/apps/stable/wiki/security.md +++ b/docs/apps/stable/wiki/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:03:10.131Z INFO Detected config files: 1 +2021-12-04T20:03:10.131Z INFO Detected config files: 1 #### wiki/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:10.955Z INFO Detected OS: alpine -2021-12-04T20:03:10.955Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:10.960Z INFO Number of language-specific files: 0 +2021-12-04T20:03:10.955Z INFO Detected OS: alpine +2021-12-04T20:03:10.955Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:10.960Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,17 +61,17 @@ **Container: tccr.io/truecharts/wiki:version-900b76a@sha256:26548fe894831ba1fbd7b68da370583363be3f992bd99e71c8b678c2583df951** -2021-12-04T20:03:28.136Z INFO Detected OS: alpine -2021-12-04T20:03:28.136Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:28.141Z INFO Number of language-specific files: 1 -2021-12-04T20:03:28.141Z INFO Detecting node-pkg vulnerabilities... -2021-12-04T20:03:28.180Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 -2021-12-04T20:03:28.180Z WARN The vulnerability detection may be insufficient because security updates are not provided +2021-12-04T20:03:28.136Z INFO Detected OS: alpine +2021-12-04T20:03:28.136Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:28.141Z INFO Number of language-specific files: 1 +2021-12-04T20:03:28.141Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:03:28.180Z WARN This OS version is no longer supported by the distribution: alpine 3.11.12 +2021-12-04T20:03:28.180Z WARN The vulnerability detection may be insufficient because security updates are not provided #### tccr.io/truecharts/wiki:version-900b76a@sha256:26548fe894831ba1fbd7b68da370583363be3f992bd99e71c8b678c2583df951 (alpine 3.11.12) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -102,7 +102,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r10 | 1.31.1-r11 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| @@ -133,4 +133,3 @@ | ws | CVE-2021-32640 | MEDIUM | 7.4.5 | 5.2.3, 6.2.2, 7.4.6 |
Click to expand!https://github.com/advisories/GHSA-6fc8-4gx4-v693
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/issues/1895
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30@%3Ccommits.tinkerpop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-32640
| | xmldom | CVE-2021-21366 | MEDIUM | 0.1.31 | 0.5.0 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21366
https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
https://github.com/xmldom/xmldom/releases/tag/0.5.0
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
https://nvd.nist.gov/vuln/detail/CVE-2021-21366
https://www.npmjs.com/package/xmldom
| | xmldom | CVE-2021-32796 | MEDIUM | 0.1.31 | |
Click to expand!https://github.com/advisories/GHSA-5fg8-2547-mr8q
https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://mattermost.com/blog/securing-xml-implementations-across-the-web/
https://nvd.nist.gov/vuln/detail/CVE-2021-32796
https://www.npmjs.com/package/@xmldom/xmldom
| - diff --git a/docs/apps/stable/wikijs/security.md b/docs/apps/stable/wikijs/security.md index 17323c60314..6d71237951a 100644 --- a/docs/apps/stable/wikijs/security.md +++ b/docs/apps/stable/wikijs/security.md @@ -4,23 +4,23 @@ ##### Scan Results -2021-12-04T20:03:46.199Z INFO Detected config files: 2 +2021-12-04T20:03:46.199Z INFO Detected config files: 2 #### wikijs/charts/postgresql/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -36,14 +36,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:47.000Z INFO Detected OS: alpine -2021-12-04T20:03:47.000Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:47.007Z INFO Number of language-specific files: 0 +2021-12-04T20:03:47.000Z INFO Detected OS: alpine +2021-12-04T20:03:47.000Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:47.007Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -71,16 +71,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:03:47.991Z INFO Detected OS: debian -2021-12-04T20:03:47.991Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:48.056Z INFO Number of language-specific files: 2 -2021-12-04T20:03:48.056Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:03:48.056Z INFO Detecting jar vulnerabilities... +2021-12-04T20:03:47.991Z INFO Detected OS: debian +2021-12-04T20:03:47.991Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:48.056Z INFO Number of language-specific files: 2 +2021-12-04T20:03:48.056Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:03:48.056Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -275,32 +275,32 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - + **Container: tccr.io/truecharts/wiki:v2.5@sha256:4241796c343106f89fdc585229993df05c0ae81bdbbfc13a6f6a5be9b23d662e** **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:49.393Z INFO Detected OS: alpine -2021-12-04T20:03:49.393Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:49.402Z INFO Number of language-specific files: 0 +2021-12-04T20:03:49.393Z INFO Detected OS: alpine +2021-12-04T20:03:49.393Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:49.402Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -328,16 +328,16 @@ **Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** -2021-12-04T20:03:50.207Z INFO Detected OS: debian -2021-12-04T20:03:50.207Z INFO Detecting Debian vulnerabilities... -2021-12-04T20:03:50.255Z INFO Number of language-specific files: 2 -2021-12-04T20:03:50.255Z INFO Detecting gobinary vulnerabilities... -2021-12-04T20:03:50.255Z INFO Detecting jar vulnerabilities... +2021-12-04T20:03:50.207Z INFO Detected OS: debian +2021-12-04T20:03:50.207Z INFO Detecting Debian vulnerabilities... +2021-12-04T20:03:50.255Z INFO Number of language-specific files: 2 +2021-12-04T20:03:50.255Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:03:50.255Z INFO Detecting jar vulnerabilities... #### tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) - + **debian** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |
Click to expand!https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| @@ -532,16 +532,13 @@ | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |
Click to expand!https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://security.netapp.com/advisory/ntap-20210902-0002/
| **jar** - + | No Vulnerabilities found | |:---------------------------------| - + **gobinary** - + | No Vulnerabilities found | |:---------------------------------| - - - diff --git a/docs/apps/stable/xteve/security.md b/docs/apps/stable/xteve/security.md index acac804d5b2..01f672ff93c 100644 --- a/docs/apps/stable/xteve/security.md +++ b/docs/apps/stable/xteve/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:03:50.970Z INFO Detected config files: 1 +2021-12-04T20:03:50.970Z INFO Detected config files: 1 #### xteve/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:03:51.700Z INFO Detected OS: alpine -2021-12-04T20:03:51.701Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:03:51.707Z INFO Number of language-specific files: 0 +2021-12-04T20:03:51.700Z INFO Detected OS: alpine +2021-12-04T20:03:51.701Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:03:51.707Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/xteve:v2.2.0.200@sha256:77a1e4d934da1361c349fc3b9548e4e01b421df078759e5d11b4cc552c50bd7e** -2021-12-04T20:04:05.108Z INFO Detected OS: ubuntu -2021-12-04T20:04:05.108Z INFO Detecting Ubuntu vulnerabilities... -2021-12-04T20:04:05.112Z INFO Number of language-specific files: 1 -2021-12-04T20:04:05.112Z INFO Detecting gobinary vulnerabilities... +2021-12-04T20:04:05.108Z INFO Detected OS: ubuntu +2021-12-04T20:04:05.108Z INFO Detecting Ubuntu vulnerabilities... +2021-12-04T20:04:05.112Z INFO Number of language-specific files: 1 +2021-12-04T20:04:05.112Z INFO Detecting gobinary vulnerabilities... #### tccr.io/truecharts/xteve:v2.2.0.200@sha256:77a1e4d934da1361c349fc3b9548e4e01b421df078759e5d11b4cc552c50bd7e (ubuntu 20.04) - + **ubuntu** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | |
Click to expand!http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8
| @@ -768,8 +768,7 @@ | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Click to expand!http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **gobinary** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 |
Click to expand!https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc
https://linux.oracle.com/cve/CVE-2019-11254.html
https://linux.oracle.com/errata/ELSA-2020-5653.html
https://security.netapp.com/advisory/ntap-20200413-0003/
| - diff --git a/docs/apps/stable/zigbee2mqtt/security.md b/docs/apps/stable/zigbee2mqtt/security.md index 02dd2280a19..5eb31322fd9 100644 --- a/docs/apps/stable/zigbee2mqtt/security.md +++ b/docs/apps/stable/zigbee2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:04:06.124Z INFO Detected config files: 1 +2021-12-04T20:04:06.124Z INFO Detected config files: 1 #### zigbee2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:04:07.156Z INFO Detected OS: alpine -2021-12-04T20:04:07.156Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:07.166Z INFO Number of language-specific files: 0 +2021-12-04T20:04:07.156Z INFO Detected OS: alpine +2021-12-04T20:04:07.156Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:07.166Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,25 +61,24 @@ **Container: tccr.io/truecharts/zigbee2mqtt:v1.22.1@sha256:ee52cfe959f3e5a05dc4ca4fee50a4d7572522664cf1b275749a4c85da6f4736** -2021-12-04T20:04:13.326Z INFO Detected OS: alpine -2021-12-04T20:04:13.326Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:13.327Z INFO Number of language-specific files: 1 -2021-12-04T20:04:13.327Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:04:13.326Z INFO Detected OS: alpine +2021-12-04T20:04:13.326Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:13.327Z INFO Number of language-specific files: 1 +2021-12-04T20:04:13.327Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/zigbee2mqtt:v1.22.1@sha256:ee52cfe959f3e5a05dc4ca4fee50a4d7572522664cf1b275749a4c85da6f4736 (alpine 3.12.9) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-28831 | HIGH | 1.31.1-r21 | 1.32.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| | ssl_client | CVE-2021-28831 | HIGH | 1.31.1-r21 | 1.32.1-r4 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |
Click to expand!https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
| | json-schema | CVE-2021-3918 | CRITICAL | 0.2.3 | 0.4.0 |
Click to expand!https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://nvd.nist.gov/vuln/detail/CVE-2021-3918
| - diff --git a/docs/apps/stable/zwavejs2mqtt/security.md b/docs/apps/stable/zwavejs2mqtt/security.md index 7580582ba8a..db883928594 100644 --- a/docs/apps/stable/zwavejs2mqtt/security.md +++ b/docs/apps/stable/zwavejs2mqtt/security.md @@ -4,16 +4,16 @@ ##### Scan Results -2021-12-04T20:04:14.153Z INFO Detected config files: 1 +2021-12-04T20:04:14.153Z INFO Detected config files: 1 #### zwavejs2mqtt/templates/common.yaml - + **kubernetes** - + | No Vulnerabilities found | |:---------------------------------| - + ## Containers @@ -26,14 +26,14 @@ **Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** -2021-12-04T20:04:15.268Z INFO Detected OS: alpine -2021-12-04T20:04:15.268Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:15.275Z INFO Number of language-specific files: 0 +2021-12-04T20:04:15.268Z INFO Detected OS: alpine +2021-12-04T20:04:15.268Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:15.275Z INFO Number of language-specific files: 0 #### tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| @@ -61,15 +61,15 @@ **Container: tccr.io/truecharts/zwavejs2mqtt:v6.0.3@sha256:8fdac2ebee3443d0c1e62a3d52e14959e4717b1c33e4a7ed76f0c45b74d09fcd** -2021-12-04T20:04:26.031Z INFO Detected OS: alpine -2021-12-04T20:04:26.031Z INFO Detecting Alpine vulnerabilities... -2021-12-04T20:04:26.033Z INFO Number of language-specific files: 1 -2021-12-04T20:04:26.033Z INFO Detecting node-pkg vulnerabilities... +2021-12-04T20:04:26.031Z INFO Detected OS: alpine +2021-12-04T20:04:26.031Z INFO Detecting Alpine vulnerabilities... +2021-12-04T20:04:26.033Z INFO Number of language-specific files: 1 +2021-12-04T20:04:26.033Z INFO Detecting node-pkg vulnerabilities... #### tccr.io/truecharts/zwavejs2mqtt:v6.0.3@sha256:8fdac2ebee3443d0c1e62a3d52e14959e4717b1c33e4a7ed76f0c45b74d09fcd (alpine 3.12.7) - + **alpine** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.6-r0 | 2.10.7-r0 |
Click to expand!https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| @@ -101,7 +101,7 @@ | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Click to expand!https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
| **node-pkg** - + | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @npmcli/arborist | CVE-2021-39134 | HIGH | 2.6.1 | 2.8.2 |
Click to expand!https://github.com/advisories/GHSA-2h3h-q99f-3fhc
https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
https://www.npmjs.com/package/@npmcli/arborist
https://www.oracle.com/security-alerts/cpuoct2021.html
| @@ -125,4 +125,3 @@ | tar | CVE-2021-37713 | HIGH | 6.1.0 | 6.1.9, 5.0.10, 4.4.18 |
Click to expand!https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | trim-newlines | CVE-2021-33623 | HIGH | 1.0.0 | 4.0.1, 3.0.1 |
Click to expand!https://github.com/advisories/GHSA-7p7h-4mm5-852v
https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91
https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33623
https://security.netapp.com/advisory/ntap-20210702-0007/
https://www.npmjs.com/package/trim-newlines
| | trim-off-newlines | CVE-2021-23425 | MEDIUM | 1.0.1 | |
Click to expand!https://github.com/advisories/GHSA-38fc-wpqx-33j7
https://github.com/stevemao/trim-off-newlines/blob/master/index.js%23L6
https://github.com/stevemao/trim-off-newlines/pull/3
https://nvd.nist.gov/vuln/detail/CVE-2021-23425
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567197
https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
| - diff --git a/docs/index.yaml b/docs/index.yaml index 0352141c21e..c3b6de95ba1 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -1,37 +1,6 @@ apiVersion: v1 entries: airsonic: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 10.6.2 - created: "2021-12-04T20:11:04.857879879Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Airsonic is a Free and Open Source community driven media server - digest: eeb87505ed6bc3b5548ebf6fd70d8b42b216fad1a17503ec60489b4a85e0f173 - home: https://github.com/truecharts/apps/tree/master/charts/stable/airsonic - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/airsonic-logo.png - keywords: - - airsonic - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: airsonic - sources: - - https://github.com/airsonic/airsonic - - https://github.com/linuxserver/docker-airsonic - - https://github.com/k8s-at-home/charts/tree/master/charts/airsonic - urls: - - https://github.com/truecharts/apps/releases/download/airsonic-4.0.17/airsonic-4.0.17.tgz - version: 4.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -2169,35 +2138,6 @@ entries: - https://github.com/truecharts/apps/releases/download/airsonic-1.0.0/airsonic-1.0.0.tgz version: 1.0.0 amcrest2mqtt: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.0.11 - created: "2021-12-04T20:11:05.05635955Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Expose all events from an Amcrest device to an MQTT broker - digest: 06fcde58729fa5ce9826e43a9a6ca8bf996e68b69651ec4b300b7c1d4c97cef1 - home: https://github.com/truecharts/apps/tree/master/charts/stable/amcrest2mqtt - icon: https://raw.githubusercontent.com/k8s-at-home/organization/main/logo/k8s-at-home-400.png - keywords: - - amcrest2mqtt - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: amcrest2mqtt - sources: - - https://github.com/dchesterton/amcrest2mqtt - urls: - - https://github.com/truecharts/apps/releases/download/amcrest2mqtt-2.0.17/amcrest2mqtt-2.0.17.tgz - version: 2.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -2469,39 +2409,6 @@ entries: - https://github.com/truecharts/apps/releases/download/amcrest2mqtt-0.0.2/amcrest2mqtt-0.0.2.tgz version: 0.0.2 anonaddy: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - email - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.8.7 - created: "2021-12-04T20:11:05.287722797Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: Protect your email from spam using disposable addresses. - digest: 786bb68eddebb452cc4e8f788f08659cf6d8a86f44f85225a07d1d64b7a84bb8 - home: https://github.com/truechartsapps/tree/master/charts/stable/anonaddy - icon: https://avatars.githubusercontent.com/u/51450862?s=200&v=4?sanitize=true - keywords: - - anonaddy - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: anonaddy - sources: - - https://github.com/anonaddy/docker - urls: - - https://github.com/truecharts/apps/releases/download/anonaddy-6.0.4/anonaddy-6.0.4.tgz - version: 6.0.4 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -2602,38 +2509,6 @@ entries: - https://github.com/truecharts/apps/releases/download/anonaddy-6.0.0/anonaddy-6.0.0.tgz version: 6.0.0 apache-musicindex: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.4.1 - created: "2021-12-04T20:11:05.505204228Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Index and stream music using apache-musicindex and m3u playlists - digest: 5ec45766dbc42ce93575793aeb14b9fdf8df6016c8d34cc0f1c7e2fd7187e2e1 - home: https://github.com/truecharts/apps/tree/master/charts/stable/apache-musicindex - icon: https://en.wikipedia.org/wiki/Apache_HTTP_Server#/media/File:Apache_HTTP_server_logo_(2019-present).svg - keywords: - - apache-musicindex - - streaming - - m3u - - playlist - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: apache-musicindex - sources: - - http://hacks.slashdirt.org/sw/musicindex/ - urls: - - https://github.com/truecharts/apps/releases/download/apache-musicindex-2.0.15/apache-musicindex-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -2871,43 +2746,6 @@ entries: - https://github.com/truecharts/apps/releases/download/apache-musicindex-0.0.2/apache-musicindex-0.0.2.tgz version: 0.0.2 appdaemon: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - utilities - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.1.0 - created: "2021-12-04T20:11:05.714204487Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: AppDaemon is a loosely coupled, multithreaded, sandboxed python execution - environment for writing automation apps for Home Assistant home automation software. - It also provides a configurable dashboard (HADashboard) suitable for wall mounted - tablets. - digest: 8f2171cdac2564dedf8889b591cd3d6f1cf28e45f2e49a829e8653438b223326 - home: https://github.com/truecharts/apps/tree/master/charts/stable/appdaemon - icon: https://github.com/hassio-addons/addon-appdaemon/blob/main/appdaemon/icon.png?raw=true - keywords: - - appdaemon - - homeautomation - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - - email: 20650065+warllo54@users.noreply.github.com - name: warllo54 - url: truecharts.org - name: appdaemon - sources: - - https://github.com/AppDaemon/appdaemon - type: application - urls: - - https://github.com/truecharts/apps/releases/download/appdaemon-6.0.15/appdaemon-6.0.15.tgz - version: 6.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -5937,35 +5775,6 @@ entries: - https://github.com/truecharts/apps/releases/download/appdaemon-0.1.3/appdaemon-0.1.3.tgz version: 0.1.3 aria2: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:05.915902185Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: aria server for downloading web content - digest: ef2ba25b0365364768e9eb1e19b4aef189b3f948346838a0c93a9869865387b0 - home: https://github.com/truecharts/apps/tree/master/charts/stable/aira2 - icon: https://avatars.githubusercontent.com/u/13545224?s=200&v=4 - keywords: - - aria2 - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: aria2 - sources: - - https://github.com/P3TERX/Aria2-Pro-Docker - urls: - - https://github.com/truecharts/apps/releases/download/aria2-2.0.15/aria2-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -6208,41 +6017,6 @@ entries: - https://github.com/truecharts/apps/releases/download/aria2-0.0.2/aria2-0.0.2.tgz version: 0.0.2 audacity: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.0.2 - created: "2021-12-04T20:11:06.130628292Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An easy-to-use, multi-track audio editor and recorder - digest: c55d2e6aa4ba64741ea0b87b953746410541729a6bb6820c31b6566a0c541c78 - home: https://github.com/truecharts/apps/tree/master/charts/stable/audacity - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/audacity-logo.png - keywords: - - audacity - - music - - recorder - - editor - - audio - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: audacity - sources: - - https://github.com/linuxserver/docker-audacity - - https://www.audacityteam.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/audacity-2.0.15/audacity-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -6504,55 +6278,6 @@ entries: - https://github.com/truecharts/apps/releases/download/audacity-0.0.2/audacity-0.0.2.tgz version: 0.0.2 authelia: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - security - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.33.0 - created: "2021-12-04T20:11:06.358833113Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - - condition: redis.enabled - name: redis - repository: https://truecharts.org/ - version: 1.0.22 - description: Authelia is a Single Sign-On Multi-Factor portal for web apps - digest: 7694ae2e11477ec75ed9e8435141de481fe8970d7927f3b234559cd0b4615e89 - home: https://github.com/truecharts/apps/tree/master/charts/stable/authelia - icon: https://avatars2.githubusercontent.com/u/59122411?s=200&v=4 - keywords: - - authelia - - authentication - - login - - SSO - - Authentication - - Security - - Two-Factor - - U2F - - YubiKey - - Push Notifications - - LDAP - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: authelia - sources: - - https://github.com/authelia/chartrepo - - https://github.com/authelia/authelia - type: application - urls: - - https://github.com/truecharts/apps/releases/download/authelia-8.0.8/authelia-8.0.8.tgz - version: 8.0.8 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -10589,46 +10314,6 @@ entries: - https://github.com/truecharts/apps/releases/download/authelia-0.0.1/authelia-0.0.1.tgz version: 0.0.1 babybuddy: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.9.1 - created: "2021-12-04T20:11:06.581322286Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Helps caregivers track sleep, feedings, diaper changes, tummy time - and more to learn about and predict baby's needs without (as much) guess work. - digest: 8536d3a76287da864f7e607cad97c07577c5b27608c67e575c37831a1c4d2f77 - home: https://github.com/truecharts/apps/tree/main/charts/babybuddy - icon: https://github.com/babybuddy/babybuddy/raw/master/babybuddy/static_src/logo/icon.png - keywords: - - baby - - buddy - - tracker - - parents - - parenting - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: babybuddy - sources: - - https://github.com/babybuddy/babybuddy - - https://github.com/nicholaswilde/docker-babybuddy - type: application - urls: - - https://github.com/truecharts/apps/releases/download/babybuddy-5.0.9/babybuddy-5.0.9.tgz - version: 5.0.9 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -11180,43 +10865,6 @@ entries: - https://github.com/truecharts/apps/releases/download/babybuddy-0.0.1/babybuddy-0.0.1.tgz version: 0.0.1 bazarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.0.1 - created: "2021-12-04T20:11:06.79089805Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Bazarr is a companion application to Sonarr and Radarr. It manages - and downloads subtitles based on your requirements - digest: 3030b798a33076f29cb9da9a22db49ee51ae048bfca5a07f9486303863b6f305 - home: https://github.com/truecharts/apps/tree/master/charts/stable/bazarr - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/bazarr.png - keywords: - - bazarr - - radarr - - sonarr - - subtitles - - usenet - - torrent - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: bazarr - sources: - - https://github.com/morpheus65535/bazarr - - https://hub.docker.com/r/linuxserver/bazarr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/bazarr-9.0.17/bazarr-9.0.17.tgz - version: 9.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -14627,41 +14275,6 @@ entries: - https://github.com/truecharts/apps/releases/download/bazarr-3.1.5/bazarr-3.1.5.tgz version: 3.1.5 beets: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.5.0 - created: "2021-12-04T20:11:06.999721108Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A music library manager and not, for the most part, a music player. - digest: 4893269d2453fc05acef3ad4c0eb0678da983338efcf885a49b596dc647bf8bc - home: https://github.com/truecharts/apps/tree/master/charts/stable/beets - icon: https://github.com/truecharts/apps/raw/main/images/beets.png - keywords: - - music - - library - - manager - - player - - beets - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: beets - sources: - - https://github.com/linuxserver/docker-beets - - https://beets.io/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/beets-2.0.17/beets-2.0.17.tgz - version: 2.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -15262,44 +14875,6 @@ entries: - https://github.com/truecharts/apps/releases/download/bitwarden-1.2.5/bitwarden-1.2.5.tgz version: 1.2.5 blog: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - hosting - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:07.216004429Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Lightweight self-hosted facebook-styled PHP blog. - digest: 432dd4ce008c7d9d5fe3d43283b0bc7a7886504c0874af2425d6dee7f360f996 - home: https://github.com/truechartsapps/tree/master/charts/stable/blog - icon: https://demo.photoprism.org/static/img/logo-avatar.svg - keywords: - - blog - - php - - self - - hosted - - facebook - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: blog - sources: - - https://github.com/m1k1o/blog - - https://github.com/nicholaswilde/docker-blog - urls: - - https://github.com/truecharts/apps/releases/download/blog-0.0.4/blog-0.0.4.tgz - version: 0.0.4 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -15377,38 +14952,6 @@ entries: - https://github.com/truecharts/apps/releases/download/blog-0.0.1/blog-0.0.1.tgz version: 0.0.1 booksonic-air: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2009.1.0 - created: "2021-12-04T20:11:07.404310114Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Booksonic is a platform for accessing the audibooks you own wherever - you are - digest: 13a6d30c034e53c6f72f4b7608867f458d2a84cb785c72ffd3f363d78fc294e3 - home: https://github.com/truechartsapps/tree/master/charts/stable/booksonic-air - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/booksonic-air.png - keywords: - - booksonic - - audiobook - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: booksonic-air - sources: - - https://github.com/popeen/Booksonic-Air - - https://hub.docker.com/r/linuxserver/booksonic-air - urls: - - https://github.com/truecharts/apps/releases/download/booksonic-air-4.0.16/booksonic-air-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -17055,46 +16598,6 @@ entries: - https://github.com/truecharts/apps/releases/download/booksonic-air-1.0.1/booksonic-air-1.0.1.tgz version: 1.0.1 bookstack: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 21.11.2021 - created: "2021-12-04T20:11:07.597412339Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: A simple, self-hosted, easy-to-use platform for organising and storing - information. - digest: 0c7898ea8eb5be829a15fdfa5286218f37f29ba62c76b7975b7ca2c53f4e868c - home: https://github.com/truechartsapps/tree/master/charts/stable/bookstack - icon: https://avatars3.githubusercontent.com/u/20912696?s=400&v=4?sanitize=true - keywords: - - bookstack - - book - - stack - - organizer - - server - - hosted - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: bookstack - sources: - - https://www.bookstackapp.com/ - - https://hub.docker.com/r/linuxserver/bookstack - urls: - - https://github.com/truecharts/apps/releases/download/bookstack-0.0.5/bookstack-0.0.5.tgz - version: 0.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -17216,36 +16719,6 @@ entries: - https://github.com/truecharts/apps/releases/download/bookstack-0.0.1/bookstack-0.0.1.tgz version: 0.0.1 calibre: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 5.32.0 - created: "2021-12-04T20:11:07.804489383Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Calibre is a powerful and easy to use e-book manager. - digest: 934c71c575959b9029ac9d5a36644d2c8b2a7955c1f3203429c56d755ee547ad - home: https://github.com/truechartsapps/tree/master/charts/stable/calibre - icon: https://github.com/kovidgoyal/calibre/raw/master/resources/images/lt.png - keywords: - - calibre - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: calibre - sources: - - https://hub.docker.com/r/linuxserver/calibre/ - - https://github.com/kovidgoyal/calibre/ - urls: - - https://github.com/truecharts/apps/releases/download/calibre-4.0.18/calibre-4.0.18.tgz - version: 4.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -18902,40 +18375,6 @@ entries: - https://github.com/truecharts/apps/releases/download/calibre-1.0.1/calibre-1.0.1.tgz version: 1.0.1 calibre-web: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.6.12 - created: "2021-12-04T20:11:08.000419532Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Calibre-Web is a web app providing a clean interface for browsing, - reading and downloading eBooks using an existing Calibre database. - digest: 237d07f5e5855164d7e3c3008359883060ef19f1ad1c081359e562ce6b2d0e1a - home: https://github.com/truecharts/apps/tree/master/charts/stable/calibre-web - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/calibre-web-icon.png - keywords: - - calibre-web - - calibre - - ebook - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: calibre-web - sources: - - https://hub.docker.com/r/linuxserver/calibre-web/ - - https://github.com/janeczku/calibre-web - type: application - urls: - - https://github.com/truecharts/apps/releases/download/calibre-web-9.0.15/calibre-web-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -21624,45 +21063,6 @@ entries: - https://github.com/truecharts/apps/releases/download/calibre-web-3.1.5/calibre-web-3.1.5.tgz version: 3.1.5 clarkson: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - vehicle - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.1.2 - created: "2021-12-04T20:11:08.255480379Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: A web-based dashboard application that gives you a neat and clean - interface for logging your fuel fill-ups for all of your vehicles. - digest: 1b8be334bd1100cb869f162d92882d1b1222e38feecd01f9ae0f09d9e11e5778 - home: https://github.com/truechartsapps/tree/master/charts/stable/clarkson - icon: https://github.com/linuxserver/Clarkson/raw/master/src/mstile-150x150.png - keywords: - - fuel - - car - - log - - fill-up - - vehicle - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: clarkson - sources: - - https://github.com/linuxserver/Clarkson - - https://hub.docker.com/r/linuxserver/clarkson - urls: - - https://github.com/truecharts/apps/releases/download/clarkson-0.0.5/clarkson-0.0.5.tgz - version: 0.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -21781,41 +21181,6 @@ entries: - https://github.com/truecharts/apps/releases/download/clarkson-0.0.1/clarkson-0.0.1.tgz version: 0.0.1 cloud9: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.29.2 - created: "2021-12-04T20:11:08.442210751Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A complete web based IDE with terminal access - digest: 0020a68b204d2c72ed9e7d1ca55006050fcfb565148ad83a165a4f8de72619d5 - home: https://github.com/truecharts/apps/tree/master/charts/stable/cloud9 - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/cloud9.png - keywords: - - cloud9 - - ide - - terminal - - web - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: cloud9 - sources: - - https://aws.amazon.com/cloud9/ - - https://github.com/c9/core - - https://hub.docker.com/r/linuxserver/cloud9 - type: application - urls: - - https://github.com/truecharts/apps/releases/download/cloud9-2.0.18/cloud9-2.0.18.tgz - version: 2.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -22182,40 +21547,6 @@ entries: - https://github.com/truecharts/apps/releases/download/cloud9-0.0.2/cloud9-0.0.2.tgz version: 0.0.2 code-server: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.12.0 - created: "2021-12-04T20:11:08.640033716Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Run VS Code on any machine anywhere and access it in the browser. - digest: c6cae0e9687879386c039f31ea9c3334f0a72c915d12a53655b9f58536d6255a - home: https://github.com/truecharts/apps/tree/master/charts/stable/code-server - icon: https://github.com/truecharts/apps/raw/main/images/code-server.jpg - keywords: - - code - - vs - - visual studio - - vscode - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: code-server - sources: - - https://github.com/cdr/code-server - - https://hub.docker.com/r/linuxserver/code-server - type: application - urls: - - https://github.com/truecharts/apps/releases/download/code-server-2.0.15/code-server-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -22469,41 +21800,6 @@ entries: - https://github.com/truecharts/apps/releases/download/code-server-0.0.2/code-server-0.0.2.tgz version: 0.0.2 collabora-online: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - office - - documents - - productivity - truecharts.org/grade: U - apiVersion: v2 - appVersion: 6.4.14.3 - created: "2021-12-04T20:11:08.82702149Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Collabora Online Development Edition – an awesome, Online Office - suite image suitable for home use. - digest: 1db6c95b2709fe6e496f2df00f42d36e47a2a273ef305127383c169b10c860bd - home: https://github.com/truecharts/apps/tree/master/charts/stable/collabora-online - icon: https://truecharts.org/_static/img/collabora-icon.png - keywords: - - collabora-online - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: collabora-online - sources: - - https://hub.docker.com/r/collabora/code - - https://sdk.collaboraonline.com/contents.html - - https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm - type: application - urls: - - https://github.com/truecharts/apps/releases/download/collabora-online-9.0.15/collabora-online-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -30362,35 +29658,6 @@ entries: - https://github.com/truecharts/apps/releases/download/common-test-2.0.0/common-test-2.0.0.tgz version: 2.0.0 cryptofolio: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.2.0 - created: "2021-12-04T20:11:09.025734363Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Track your cryptocurrency holdings/portfolio - digest: 436d3f766b223ede3853354faf1084db0e7ed3599c13451d14cb6689c64d0490 - home: https://github.com/truecharts/apps/tree/master/charts/stable/cryptofolio - icon: https://raw.githubusercontent.com/Xtrendence/Cryptofolio/main/website/assets/img/Logo.png - keywords: - - cryptofolio - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: cryptofolio - sources: - - https://github.com/Xtrendence/cryptofolio - urls: - - https://github.com/truecharts/apps/releases/download/cryptofolio-2.0.15/cryptofolio-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -30604,36 +29871,6 @@ entries: - https://github.com/truecharts/apps/releases/download/cryptofolio-0.0.2/cryptofolio-0.0.2.tgz version: 0.0.2 custom-app: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - custom - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.20.83 - created: "2021-12-04T20:11:09.227649562Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Advanced tool to create your own TrueCharts-based App - digest: 241def281f0a1104553bb3b6e17a6714c69a59520ede37ff1ff63ae7fc98f363 - home: https://github.com/truecharts/apps/tree/master/charts/stable/custom-app - icon: https://truecharts.org/_static/img/custom-app-icon.png - keywords: - - custom - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: custom-app - sources: - - https://github.com/truecharts/apps/tree/master/charts/stable/custom-app - type: application - urls: - - https://github.com/truecharts/apps/releases/download/custom-app-3.0.25/custom-app-3.0.25.tgz - version: 3.0.25 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -31905,40 +31142,6 @@ entries: - https://github.com/truecharts/apps/releases/download/custom-app-0.0.1/custom-app-0.0.1.tgz version: 0.0.1 davos: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.2.1 - created: "2021-12-04T20:11:09.487215947Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An FTP automation tool that periodically scans given host locations - for new files. - digest: fdf7ac9413aba46136c93da95e42251896ad93305b6920a638a2e0e558916c7e - home: https://github.com/truecharts/apps/tree/master/charts/stable/davos - icon: https://github.com/linuxserver/davos/raw/master/src/main/resources/static/android-chrome-192x192.png - keywords: - - davos - - ftp - - automation - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: davos - sources: - - https://github.com/linuxserver/docker-davos - - https://github.com/linuxserver/davos/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/davos-2.0.15/davos-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -32192,40 +31395,6 @@ entries: - https://github.com/truecharts/apps/releases/download/davos-0.0.2/davos-0.0.2.tgz version: 0.0.2 deconz: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.13.01 - created: "2021-12-04T20:11:09.676893344Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: deCONZ is an easy to use control software, with which you can set - up and control Zigbee networks of any size without further programming effort. - digest: 17ca31d5391080c4eabd1a3714703fcdce171eba734832dd17c270c6c4cd5b65 - home: https://github.com/truechartsapps/tree/master/charts/stable/deconz - icon: https://avatars1.githubusercontent.com/u/4217524?s=400&v=4 - keywords: - - deconz - - home-automation - - zigbee - - conbee - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: deconz - sources: - - https://github.com/dresden-elektronik/deconz-rest-plugin - - https://github.com/marthoc/docker-deconz - urls: - - https://github.com/truecharts/apps/releases/download/deconz-5.0.2/deconz-5.0.2.tgz - version: 5.0.2 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -34055,39 +33224,6 @@ entries: - https://github.com/truecharts/apps/releases/download/deconz-1.0.1/deconz-1.0.1.tgz version: 1.0.1 deepstack-cpu: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - AI - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.09.1 - created: "2021-12-04T20:11:09.883651684Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: DeepStack AI provides AI features including Face Recognition, Object - Detection, Scene Recognition and custom AI Models - digest: 9691d546f611bc31d724ed3cb247778b77bec23244bf95d21183481c72d0b812 - home: https://github.com/truecharts/apps/tree/master/charts/stable/deepstack-cpu - icon: https://deepquest.sfo2.digitaloceanspaces.com/deepstackcc/static/img/deepstacklogo.png - keywords: - - AI - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: deepstack-cpu - sources: - - https://github.com/johnolafenwa/DeepStack - - https://hub.docker.com/r/deepquestai/deepstack - - https://www.deepstack.cc/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/deepstack-cpu-7.0.15/deepstack-cpu-7.0.15.tgz - version: 7.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -36909,39 +36045,6 @@ entries: - https://github.com/truecharts/apps/releases/download/deepstack-cpu-1.0.3/deepstack-cpu-1.0.3.tgz version: 1.0.3 deepstack-gpu: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - AI - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.09.1 - created: "2021-12-04T20:11:10.105728261Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: DeepStack AI provides AI features including Face Recognition, Object - Detection, Scene Recognition and custom AI Models - digest: a0e673cf26df61950ba50aad1136a072ebff33794d564aa8546fd62ac3423f8e - home: https://github.com/truecharts/apps/tree/master/charts/stable/deepstack-gpu - icon: https://deepquest.sfo2.digitaloceanspaces.com/deepstackcc/static/img/deepstacklogo.png - keywords: - - AI - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: deepstack-gpu - sources: - - https://github.com/johnolafenwa/DeepStack - - https://hub.docker.com/r/deepquestai/deepstack - - https://www.deepstack.cc/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/deepstack-gpu-2.0.15/deepstack-gpu-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -37177,38 +36280,6 @@ entries: - https://github.com/truecharts/apps/releases/download/deepstack-gpu-1.0.0/deepstack-gpu-1.0.0.tgz version: 1.0.0 deluge: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.0.3 - created: "2021-12-04T20:11:10.294552399Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Deluge App for TrueNAS SCALE - digest: 92f870382fe054c84a3f9e9fd7fab202160b12e767759ea043cd765b7c843d42 - home: https://github.com/truecharts/apps/tree/master/charts/stable/deluge - icon: https://avatars2.githubusercontent.com/u/6733935?v=3&s=200 - keywords: - - transmission - - torrent - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: deluge - sources: - - https://github.com/deluge-torrent/deluge - type: application - urls: - - https://github.com/truecharts/apps/releases/download/deluge-9.0.16/deluge-9.0.16.tgz - version: 9.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -39786,41 +38857,6 @@ entries: - https://github.com/truecharts/apps/releases/download/deluge-3.1.5/deluge-3.1.5.tgz version: 3.1.5 digikam: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 7.3.0 - created: "2021-12-04T20:11:10.487196269Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Professional Photo Management with the Power of Open Source - digest: 7896d3266f6e521f540aca698d491ca4a1f431f21a9a408975f427bbcbb61afe - home: https://github.com/truecharts/apps/tree/master/charts/stable/digikam - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/digikam.png - keywords: - - digikam - - photo - - management - - image - - gallery - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: digikam - sources: - - https://github.com/linuxserver/docker-digikam - - https://www.digikam.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/digikam-2.0.17/digikam-2.0.17.tgz - version: 2.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -40152,37 +39188,6 @@ entries: - https://github.com/truecharts/apps/releases/download/digikam-0.0.2/digikam-0.0.2.tgz version: 0.0.2 dizquetv: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.5.0 - created: "2021-12-04T20:11:10.684347579Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Create live TV channel streams from media on your Plex servers. - digest: d6bf93b14a01bfb0297274f03046b78e5d1d45bfdca169e228d69665a4b9778f - home: https://github.com/truechartsapps/tree/master/charts/stable/dizquetv - icon: https://github.com/vexorian/dizquetv/raw/main/resources/dizquetv.png?raw=true - keywords: - - dizqueTV - - dizquetv - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: dizquetv - sources: - - https://github.com/vexorian/dizquetv - - https://hub.docker.com/r/vexorian/dizquetv - urls: - - https://github.com/truecharts/apps/releases/download/dizquetv-4.0.14/dizquetv-4.0.14.tgz - version: 4.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -41712,40 +40717,6 @@ entries: - https://github.com/truecharts/apps/releases/download/dizquetv-1.0.1/dizquetv-1.0.1.tgz version: 1.0.1 doublecommander: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.8.2 - created: "2021-12-04T20:11:10.872002106Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A free cross platform open source file manager with two panels side - by side. - digest: ad017408df299c8d193b4e1611960abba0b5d313ee12ce8f3e15d76a019afd6e - home: https://github.com/truecharts/apps/tree/master/charts/stable/doublecommander - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/doublecommander-icon.png - keywords: - - doublecommander - - file - - manager - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: doublecommander - sources: - - https://github.com/linuxserver/docker-doublecommander - - https://doublecmd.sourceforge.io/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/doublecommander-2.0.18/doublecommander-2.0.18.tgz - version: 2.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -42101,42 +41072,6 @@ entries: - https://github.com/truecharts/apps/releases/download/doublecommander-0.0.2/doublecommander-0.0.2.tgz version: 0.0.2 dsmr-reader: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.09.02 - created: "2021-12-04T20:11:11.090297999Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: DSMR-protocol reader, telegram data storage and energy consumption - visualizer. - digest: 403097c68f1c0a79133d5264caca57981aa9588c2a645126f9ca4b5407b5474a - home: https://github.com/truecharts/apps/tree/master/charts/stable/dsmr-reader - icon: https://avatars2.githubusercontent.com/u/57727360?s=400&v=4 - keywords: - - dsmr-reader - - energy - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: dsmr-reader - sources: - - https://github.com/dsmrreader/dsmr-reader - - https://github.com/xirixiz/dsmr-reader-docker - urls: - - https://github.com/truecharts/apps/releases/download/dsmr-reader-5.0.5/dsmr-reader-5.0.5.tgz - version: 5.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -42488,36 +41423,6 @@ entries: - https://github.com/truecharts/apps/releases/download/dsmr-reader-0.0.1/dsmr-reader-0.0.1.tgz version: 0.0.1 duplicati: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: beta - created: "2021-12-04T20:11:11.275883809Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Store securely encrypted backups on cloud storage services! - digest: 56892b844b6ba5cadba590c06e32b7f126cb67d1ec1bef2068e28901db86100e - home: https://github.com/truechartsapps/tree/master/charts/stable/duplicati - icon: https://avatars.githubusercontent.com/u/8270231?s=200&v=4 - keywords: - - duplicati - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: duplicati - sources: - - https://hub.docker.com/r/linuxserver/duplicati/ - - https://github.com/duplicati/duplicati - urls: - - https://github.com/truecharts/apps/releases/download/duplicati-4.0.15/duplicati-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -44069,39 +42974,6 @@ entries: - https://github.com/truecharts/apps/releases/download/duplicati-1.0.1/duplicati-1.0.1.tgz version: 1.0.1 emby: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.6.7.0 - created: "2021-12-04T20:11:11.460277708Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Emby Server is a home media server - digest: 969c55adaa0da81f8bd1ecdb1ef5809201c466971715aca9261cc4012ce79721 - home: https://github.com/truecharts/apps/master/stable/emby - icon: https://truecharts.org/_static/img/emby-icon.png - keywords: - - jellyfin - - plex - - emby - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: emby - sources: - - https://hub.docker.com/r/linuxserver/emby - - https://github.com/linuxserver/docker-emby.git - type: application - urls: - - https://github.com/truecharts/apps/releases/download/emby-9.0.17/emby-9.0.17.tgz - version: 9.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -47019,38 +45891,6 @@ entries: - https://github.com/truecharts/apps/releases/download/emby-3.1.5/emby-3.1.5.tgz version: 3.1.5 esphome: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - tools - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.11.4 - created: "2021-12-04T20:11:11.656475209Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: ESPHome is a system to control your ESP8266/ESP32 by simple yet powerful - configuration files and control them remotely through Home Automation systems. - digest: a16d369da202023d6b885cff95bc0dba8bf72d3cc4c6fe2a9adf90ea7c8e212b - home: https://github.com/truecharts/apps/tree/master/charts/stable/esphome - icon: https://esphome.io/_images/logo.svg - keywords: - - esphome - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: esphome - sources: - - https://github.com/esphome/esphome - - https://hub.docker.com/u/esphome - type: application - urls: - - https://github.com/truecharts/apps/releases/download/esphome-9.0.18/esphome-9.0.18.tgz - version: 9.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -50166,46 +49006,6 @@ entries: - https://github.com/truecharts/apps/releases/download/esphome-3.1.5/esphome-3.1.5.tgz version: 3.1.5 etherpad: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.8.14 - created: "2021-12-04T20:11:11.867187637Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: A real-time collaborative editor scalable to thousands of simultaneous - real time users. - digest: f66732054078e3cd8afbff1053874c6aa31dfd235a062aa46fd490227fade38f - home: https://github.com/truecharts/apps/tree/main/charts/etherpad - icon: https://github.com/truecharts/apps/raw/main/images/etherpad.jpg - keywords: - - etherpad - - editor - - notepad - - pad - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: etherpad - sources: - - https://etherpad.org/ - - https://github.com/ether/etherpad-lite - - https://hub.docker.com/r/nicholaswilde/etherpad - type: application - urls: - - https://github.com/truecharts/apps/releases/download/etherpad-5.0.6/etherpad-5.0.6.tgz - version: 5.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -50597,37 +49397,6 @@ entries: - https://github.com/truecharts/apps/releases/download/etherpad-0.0.1/etherpad-0.0.1.tgz version: 0.0.1 external-service: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - networking - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.66.6 - created: "2021-12-04T20:11:12.067936678Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Allow external services to be used like Apps. - digest: c447afe814e3a115d5fcc6300f7237a290520dba63f40d164fb769ace2843db9 - home: https://github.com/truecharts/apps/tree/master/charts/stable/external-service - icon: https://truecharts.org/_static/img/external-service-icon.png - keywords: - - external-service - - reverse-proxy - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: external-service - sources: - - https://github.com/truecharts/apps/tree/master/charts/stable/external-service - type: application - urls: - - https://github.com/truecharts/apps/releases/download/external-service-4.0.14/external-service-4.0.14.tgz - version: 4.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -51893,41 +50662,6 @@ entries: - https://github.com/truecharts/apps/releases/download/external-service-0.0.1/external-service-0.0.1.tgz version: 0.0.1 filezilla: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.51.0 - created: "2021-12-04T20:11:12.246328525Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A Helm chart for Kubernetes - digest: 0b9e63eda69fe7d332b3df6278bfbf55c0cd751129dee92bc2383cea198b3666 - home: https://github.com/truecharts/apps/tree/master/charts/stable/filezilla - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/filezilla-logo.png - keywords: - - filezilla - - ftp - - sftp - - ftps - - client - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: filezilla - sources: - - https://filezilla-project.org/ - - https://github.com/linuxserver/docker-filezilla - type: application - urls: - - https://github.com/truecharts/apps/releases/download/filezilla-2.0.15/filezilla-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -52189,41 +50923,6 @@ entries: - https://github.com/truecharts/apps/releases/download/filezilla-0.0.2/filezilla-0.0.2.tgz version: 0.0.2 fireflyiii: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - finacial - truecharts.org/grade: U - apiVersion: v2 - appVersion: 5.5.12 - created: "2021-12-04T20:11:12.45916397Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: A free and open source personal finance manager - digest: 1340057ca669bb0b3f4404753ad292e7968905ca198b9f5e9fa5b0729be6a915 - home: https://github.com/firefly-iii/firefly-iii/ - icon: https://www.firefly-iii.org/assets/logo/color.png - keywords: - - fireflyiii - - finacial - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: fireflyiii - sources: - - https://github.com/firefly-iii/firefly-iii/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/fireflyiii-13.0.6/fireflyiii-13.0.6.tgz - version: 13.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -57044,45 +55743,6 @@ entries: - https://github.com/truecharts/apps/releases/download/fireflyiii-1.0.1/fireflyiii-1.0.1.tgz version: 1.0.1 firefox-syncserver: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.8.0 - created: "2021-12-04T20:11:12.667706779Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: This is an all-in-one package for running a self-hosted Firefox Sync - server. - digest: 83d0b45144c582b729812b2c4e701bd263a8c7fbc8648f8cad9ed667b96cd2b8 - home: https://github.com/truecharts/apps/tree/main/charts/firefox-syncserver - icon: https://upload.wikimedia.org/wikipedia/en/0/01/Firefox_Sync_logo.png - keywords: - - server - - sync - - syncserver - - firefox - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: firefox-syncserver - sources: - - https://moz-services-docs.readthedocs.io/en/latest/howtos/run-sync-1.5.html - - https://hub.docker.com/r/crazymax/firefox-syncserver - type: application - urls: - - https://github.com/truecharts/apps/releases/download/firefox-syncserver-5.0.6/firefox-syncserver-5.0.6.tgz - version: 5.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -57464,37 +56124,6 @@ entries: - https://github.com/truecharts/apps/releases/download/firefox-syncserver-0.0.1/firefox-syncserver-0.0.1.tgz version: 0.0.1 flaresolverr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.0.2 - created: "2021-12-04T20:11:12.843676605Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: FlareSolverr is a proxy server to bypass Cloudflare protection - digest: e0bb5db8c7f66e817d7dbedaa65a9abfa46b2068d34c9874d6e5f511ea202a7f - home: https://github.com/truechartsapps/tree/master/charts/stable/flaresolverr - icon: https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.svg - keywords: - - flaresolverr - - jackett - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: flaresolverr - sources: - - https://github.com/FlareSolverr/FlareSolverr - - https://hub.docker.com/r/flaresolverr/flaresolverr - urls: - - https://github.com/truecharts/apps/releases/download/flaresolverr-4.0.16/flaresolverr-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -59029,39 +57658,6 @@ entries: - https://github.com/truecharts/apps/releases/download/flaresolverr-1.0.1/flaresolverr-1.0.1.tgz version: 1.0.1 flood: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.7.0 - created: "2021-12-04T20:11:13.032287241Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Flood is a monitoring service for various torrent clients - digest: e21c380f985435f6064fc5b01ad1070c65a5a0a9806fcfb6157adf6c8cc44d49 - home: https://github.com/truechartsapps/tree/master/charts/stable/flood - icon: https://raw.githubusercontent.com/jesec/flood/master/flood.svg - keywords: - - flood - - rtorrent - - qbittorrent - - transmission - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: flood - sources: - - https://github.com/jesec/flood - - https://hub.docker.com/r/jesec/flood - urls: - - https://github.com/truecharts/apps/releases/download/flood-4.0.14/flood-4.0.14.tgz - version: 4.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -60707,40 +59303,6 @@ entries: - https://github.com/truecharts/apps/releases/download/flood-1.0.1/flood-1.0.1.tgz version: 1.0.1 focalboard: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.8.0 - created: "2021-12-04T20:11:13.225847319Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Focalboard is an open source, self-hosted alternative to Trello, - Notion, and Asana. - digest: 1bdff71fed263b94bfed5d237a055b49f7f7ba6ed03825027fb377c362810aea - home: https://github.com/truechartsapps/tree/master/charts/stable/focalboard - icon: https://github.com/mattermost/focalboard/raw/main/webapp/static/favicon.svg - keywords: - - focalboard - - kanban - - project management - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: focalboard - sources: - - https://www.focalboard.com/ - - https://github.com/mattermost/focalboard - - https://github.com/FlipEnergy/container-images/blob/main/focalboard - urls: - - https://github.com/truecharts/apps/releases/download/focalboard-4.0.15/focalboard-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -62444,38 +61006,6 @@ entries: - https://github.com/truecharts/apps/releases/download/focalboard-1.0.1/focalboard-1.0.1.tgz version: 1.0.1 fossil: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.15.1 - created: "2021-12-04T20:11:13.409161309Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A simple, high-reliability, distributed software configuration management - system - digest: 1d599d3ecaeaf4f32e277c980a1c60ac27cdef008fcee932a404cf11f2333752 - home: https://github.com/truecharts/apps/tree/master/charts/stable/fossil - icon: https://fossil-scm.org/home/doc/trunk/www/fossil3.gif - keywords: - - fossil - - scm - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: fossil - sources: - - https://fossil-scm.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/fossil-2.0.15/fossil-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -62713,38 +61243,6 @@ entries: - https://github.com/truecharts/apps/releases/download/fossil-0.0.2/fossil-0.0.2.tgz version: 0.0.2 freeradius: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - auth - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.0.23 - created: "2021-12-04T20:11:13.610802658Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: OpenSource Radius implementation - digest: 12f95bf0fd97f677e4254b1936e94273d3cab511f33cbf15c30d65c147613ad8 - home: https://www.openldap.org - icon: https://networkradius.com/assets/img/FR-NR.svg - keywords: - - radius - - auth - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: freeradius - sources: - - https://hub.docker.com/r/freeradius/freeradius-server/ - - https://freeradius.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/freeradius-4.0.16/freeradius-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -64387,38 +62885,6 @@ entries: - https://github.com/truecharts/apps/releases/download/freeradius-1.0.0/freeradius-1.0.0.tgz version: 1.0.0 freshrss: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.18.1 - created: "2021-12-04T20:11:13.798777188Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: FreshRSS is a self-hosted RSS feed aggregator - digest: c4f43e4e4b77f8bfb3ed92a55ebf187cb65abf804cef65864c35b0a5eaf29bb0 - home: https://github.com/truecharts/apps/tree/master/charts/stable/freshrss - icon: https://github.com/FreshRSS/FreshRSS/blob/master/docs/img/FreshRSS-logo.png?raw=true - keywords: - - freshrss - - rss - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: freshrss - sources: - - https://github.com/FreshRSS/FreshRSS - - https://hub.docker.com/r/linuxserver/freshrss - type: application - urls: - - https://github.com/truecharts/apps/releases/download/freshrss-9.0.19/freshrss-9.0.19.tgz - version: 9.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -67100,41 +65566,6 @@ entries: - https://github.com/truecharts/apps/releases/download/freshrss-3.1.5/freshrss-3.1.5.tgz version: 3.1.5 friendica: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - social - truecharts.org/grade: U - apiVersion: v2 - appVersion: "2021.09" - created: "2021-12-04T20:11:14.014267257Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: Welcome to the free social web - digest: e7d8026de357ea1220c477b510e277435e98302213cecfc08b5338c3760a2464 - home: https://github.com/truechartsapps/tree/master/charts/stable/friendica - icon: https://d1q6f0aelx0por.cloudfront.net/product-logos/library-friendica-logo.png - keywords: - - friend - - social - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: friendica - sources: - - https://friendi.ca/ - - https://hub.docker.com/_/friendica - urls: - - https://github.com/truecharts/apps/releases/download/friendica-0.0.5/friendica-0.0.5.tgz - version: 0.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -67241,39 +65672,6 @@ entries: - https://github.com/truecharts/apps/releases/download/friendica-0.0.1/friendica-0.0.1.tgz version: 0.0.1 gaps: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.8.8 - created: "2021-12-04T20:11:14.207903436Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Gaps searches through your Plex Server or local folders for all movies, - then queries for known movies in the same collection. - digest: da14ee4a6555c7d996e379ea6edcc14fc973b5181105fb9c8fed28c56034c004 - home: https://github.com/truecharts/apps/tree/master/charts/stable/gaps - icon: https://raw.githubusercontent.com/JasonHHouse/gaps/master/images/Final-Black.png - keywords: - - gaps - - plex - - plex-media-server - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: gaps - sources: - - https://github.com/JasonHHouse/gaps - type: application - urls: - - https://github.com/truecharts/apps/releases/download/gaps-9.0.15/gaps-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -69813,51 +68211,6 @@ entries: - https://github.com/truecharts/apps/releases/download/gaps-3.1.5/gaps-3.1.5.tgz version: 3.1.5 gitea: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - GIT - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.15.7 - created: "2021-12-04T20:11:14.433436092Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - - condition: memcached.enabled - name: memcached - repository: https://truecharts.org/ - version: 1.0.20 - description: Self hosted GIT repositories - digest: 38ddafa875d79038af5d85d994c724d8be60cd5020146cb06ed6924c84227b6c - home: https://github.com/truecharts/apps/tree/master/charts/stable/gitea - icon: https://docs.gitea.io/images/gitea.png - keywords: - - git - - issue tracker - - code review - - wiki - - gitea - - gogs - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: gitea - sources: - - https://gitea.com/gitea/helm-chart - - https://github.com/go-gitea/gitea - - https://hub.docker.com/r/gitea/gitea/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/gitea-5.0.7/gitea-5.0.7.tgz - version: 5.0.7 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -71219,41 +69572,6 @@ entries: - https://github.com/truecharts/apps/releases/download/gitea-0.0.1/gitea-0.0.1.tgz version: 0.0.1 golinks: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 154c581 - created: "2021-12-04T20:11:14.609116015Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A web app that allows you to create smart bookmarks, commands and - aliases by pointing your web browser's default search engine at a running instance. - digest: 690b3ab7942198d084cb67fbaa2fe363854daa873aaf3367fc386727fb38ab42 - home: https://github.com/truecharts/apps/tree/master/charts/stable/golinks - keywords: - - search - - browser - - bookmarks - - smart-bookmarks - - golinks - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: golinks - sources: - - https://github.com/prologic/golinks - - https://github.com/nicholaswilde/docker-golinks - type: application - urls: - - https://github.com/truecharts/apps/releases/download/golinks-2.0.15/golinks-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -71515,37 +69833,6 @@ entries: - https://github.com/truecharts/apps/releases/download/golinks-0.0.2/golinks-0.0.2.tgz version: 0.0.2 gonic: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.14.0 - created: "2021-12-04T20:11:14.813034484Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Music streaming server / subsonic server API implementation - digest: 2d5770e65eadb0eb6b918befeb713fa19b48200c88d6be3319beadb469201491 - home: https://github.com/truechartsapps/tree/master/charts/stable/gonic - icon: https://raw.githubusercontent.com/sentriz/gonic/master/.github/logo.png - keywords: - - music - - subsonic - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: gonic - sources: - - https://github.com/sentriz/gonic - - https://hub.docker.com/r/sentriz/gonic - urls: - - https://github.com/truecharts/apps/releases/download/gonic-4.0.14/gonic-4.0.14.tgz - version: 4.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -73049,44 +71336,6 @@ entries: - https://github.com/truecharts/apps/releases/download/gonic-1.0.1/gonic-1.0.1.tgz version: 1.0.1 gotify: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.1.0 - created: "2021-12-04T20:11:14.9994015Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: a simple server for sending and receiving messages - digest: 304eb930b14614c72a9acc9d8ca1e5b29b529acfe19fc6b0f612a5e2a19b8aae - home: https://github.com/truecharts/apps/tree/main/charts/gotify - icon: https://gotify.net/img/logo.png - keywords: - - server - - gotify - - messages - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: gotify - sources: - - https://gotify.net/ - - https://github.com/gotify/server - - https://hub.docker.com/r/gotify/server - type: application - urls: - - https://github.com/truecharts/apps/releases/download/gotify-5.0.6/gotify-5.0.6.tgz - version: 5.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -73458,41 +71707,6 @@ entries: - https://github.com/truecharts/apps/releases/download/gotify-0.0.1/gotify-0.0.1.tgz version: 0.0.1 grafana: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - metrics - truecharts.org/grade: U - apiVersion: v2 - appVersion: 8.3.0 - created: "2021-12-04T20:11:15.18044927Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Grafana is an open source, feature rich metrics dashboard and graph - editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. - digest: d31245034c350f82c4b77c5aa41294ebe4f29f238c73659d87ef834c43d3414c - home: https://github.com/truecharts/apps/tree/master/charts/stable/grafana - icon: https://bitnami.com/assets/stacks/grafana/img/grafana-stack-220x234.png - keywords: - - analytics - - monitoring - - metrics - - logs - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: grafana - sources: - - https://github.com/bitnami/bitnami-docker-grafana - - https://grafana.com/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/grafana-1.0.5/grafana-1.0.5.tgz - version: 1.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -73635,40 +71849,6 @@ entries: - https://github.com/truecharts/apps/releases/download/grafana-0.0.1/grafana-0.0.1.tgz version: 0.0.1 grav: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.7.18 - created: "2021-12-04T20:11:15.377690581Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A Fast, Simple, and Flexible, file-based Web-platform. - digest: 260688ffc6aee7d85dd0dac18bd9f60090226b52a3dd327a21c38db081c90511 - home: https://github.com/truecharts/apps/tree/master/charts/stable/grav - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/grav-logo.png - keywords: - - grav - - web - - platform - - file - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: grav - sources: - - https://github.com/linuxserver/docker-grav - - https://github.com/getgrav/grav/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/grav-2.0.15/grav-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -73922,37 +72102,6 @@ entries: - https://github.com/truecharts/apps/releases/download/grav-0.0.2/grav-0.0.2.tgz version: 0.0.2 grocy: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - Home-Automation - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.1.1 - created: "2021-12-04T20:11:15.561154072Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: ERP beyond your fridge - grocy is a web-based self-hosted groceries - & household management solution for your home - digest: 24a2c354a16578ed08871bbd6150d2b33275de384e0ff06ae64a14fad9d7d2c5 - home: https://github.com/truecharts/apps/tree/master/charts/stable/grocy - icon: https://github.com/grocy/grocy/raw/master/public/img/appicons/mstile-150x150.png - keywords: - - grocy - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: grocy - sources: - - https://github.com/grocy/grocy - type: application - urls: - - https://github.com/truecharts/apps/releases/download/grocy-9.0.15/grocy-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -76420,41 +74569,6 @@ entries: - https://github.com/truecharts/apps/releases/download/grocy-3.1.5/grocy-3.1.5.tgz version: 3.1.5 handbrake: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.24.2 - created: "2021-12-04T20:11:15.75010101Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: HandBrake is a tool for converting video from nearly any format to - a selection of modern, widely supported codecs. - digest: ddd48e98c40aea60ce6db987c80b42a8c6793dfe68a611d59a57248bb6fe8619 - home: https://github.com/truecharts/apps/tree/master/charts/stable/handbrake - icon: https://handbrake.fr/img/logo.png - keywords: - - handbrake - - encode - - media - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: handbrake - sources: - - https://github.com/jlesage/docker-handbrake - - https://hub.docker.com/r/jlesage/handbrake/ - - https://handbrake.fr/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/handbrake-9.0.14/handbrake-9.0.14.tgz - version: 9.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -79619,39 +77733,6 @@ entries: - https://github.com/truecharts/apps/releases/download/handbrake-3.1.5/handbrake-3.1.5.tgz version: 3.1.5 haste-server: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - utilities - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:15.937002331Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Simple text sharing - digest: 2ccd233f1dc3bae5c6bf7be7128d1e66583f9fb26c531ca0efb6c5e690b39415 - home: https://github.com/truecharts/apps/tree/master/charts/stable/haste - icon: https://raw.githubusercontent.com/nicholaswilde/helm-charts/main/images/haste.png - keywords: - - haste - - hastebin - - haste-server - - pastebin - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: haste-server - sources: - - https://github.com/seejohnrun/haste-server - - https://github.com/k8s-at-home/container-images - urls: - - https://github.com/truecharts/apps/releases/download/haste-server-4.0.15/haste-server-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -81773,40 +79854,6 @@ entries: - https://github.com/truecharts/apps/releases/download/haste-server-1.0.0/haste-server-1.0.0.tgz version: 1.0.0 headphones: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 58edc604 - created: "2021-12-04T20:11:16.119513214Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An automated music downloader for NZB and Torrent, written in Python. - It supports SABnzbd, NZBget, Transmission, µTorrent and Blackhole. - digest: b7174260d7214aa121805eaf87bf19489aa2c92fd3dca102802096fb44677a6f - home: https://github.com/truecharts/apps/tree/master/charts/stable/headphones - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/headphones-banner.png - keywords: - - headphones - - music - - downloader - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: headphones - sources: - - https://github.com/linuxserver/docker-headphones - - https://github.com/rembo10/headphones - type: application - urls: - - https://github.com/truecharts/apps/releases/download/headphones-2.0.15/headphones-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -82060,40 +80107,6 @@ entries: - https://github.com/truecharts/apps/releases/download/headphones-0.0.2/headphones-0.0.2.tgz version: 0.0.2 healthchecks: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.22.0 - created: "2021-12-04T20:11:16.297922361Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Healthchecks is a cron job monitoring service. It listens for HTTP - requests and email messages ("pings") from your cron jobs and scheduled tasks - ("checks"). When a ping does not arrive on time, Healthchecks sends out alerts. - digest: 3b77aa3301fe2b0b266646db94b24db01f54decfffe88d92b00439827425b7b0 - home: https://github.com/truechartsapps/tree/master/charts/stable/healthchecks - icon: https://avatars.githubusercontent.com/u/13053880?s=200&v=4 - keywords: - - cron - - monitoring - - alert - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: healthchecks - sources: - - https://github.com/healthchecks/healthchecks - - https://hub.docker.com/r/linuxserver/healthchecks - urls: - - https://github.com/truecharts/apps/releases/download/healthchecks-4.0.15/healthchecks-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -83971,36 +81984,6 @@ entries: - https://github.com/truecharts/apps/releases/download/healthchecks-1.0.1/healthchecks-1.0.1.tgz version: 1.0.1 heimdall: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - organizers - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.2.2 - created: "2021-12-04T20:11:16.488136611Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An Application dashboard and launcher - digest: 06ea6cb491621da318befb7babeee3bcf7039a20930bb3fd7c5e53b5bd40dfd9 - home: https://github.com/truecharts/apps/tree/master/charts/stable/heimdall - icon: https://i.imgur.com/mM4tcO5.png - keywords: - - heimdall - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: heimdall - sources: - - https://github.com/linuxserver/Heimdall/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/heimdall-9.0.20/heimdall-9.0.20.tgz - version: 9.0.20 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -86318,43 +84301,6 @@ entries: - https://github.com/truecharts/apps/releases/download/heimdall-3.1.5/heimdall-3.1.5.tgz version: 3.1.5 home-assistant: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - home-automation - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.11.5 - created: "2021-12-04T20:11:16.688881851Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: home-assistant App for TrueNAS SCALE - digest: 5ae17bdfaf60a63b63f434f1f1ee685283584bc5dd085d769a18a92733263484 - home: https://github.com/truecharts/apps/tree/master/charts/stable/home-assistant - icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/6e/Home_Assistant_Logo.svg/519px-Home_Assistant_Logo.svg.png - keywords: - - home-assistant - - hass - - homeassistant - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: home-assistant - sources: - - https://github.com/home-assistant/home-assistant - - https://github.com/cdr/code-server - type: application - urls: - - https://github.com/truecharts/apps/releases/download/home-assistant-12.0.7/home-assistant-12.0.7.tgz - version: 12.0.7 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -90284,37 +88230,6 @@ entries: - https://github.com/truecharts/apps/releases/download/home-assistant-3.1.5/home-assistant-3.1.5.tgz version: 3.1.5 hyperion-ng: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.0.12 - created: "2021-12-04T20:11:16.877960091Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Hyperion is an opensource Bias or Ambient Lighting implementation - digest: d911b81e6af3c379cc1909267170f5aa885c4799245b96b4e68607edd0002b4f - home: https://github.com/truechartsapps/tree/master/charts/stable/hyperion-ng - icon: https://avatars.githubusercontent.com/u/17778452?s=200&v=4 - keywords: - - hyperion-ng - - hyperion - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: hyperion-ng - sources: - - https://github.com/hyperion-project/hyperion.ng - - https://hub.docker.com/r/sirfragalot/hyperion.ng - urls: - - https://github.com/truecharts/apps/releases/download/hyperion-ng-4.0.17/hyperion-ng-4.0.17.tgz - version: 4.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -91875,39 +89790,6 @@ entries: - https://github.com/truecharts/apps/releases/download/hyperion-ng-1.0.1/hyperion-ng-1.0.1.tgz version: 1.0.1 icantbelieveitsnotvaletudo: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.2.1 - created: "2021-12-04T20:11:17.061687784Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Create live map data from Valetudo powered robots - digest: 59870d959e807c133508cc6177799a2e14d65bf6ae79b699aadd19c3f250e174 - home: https://github.com/truecharts/apps/tree/master/charts/stable/icantbelieveitsnotvaletudo - icon: https://raw.githubusercontent.com/Hypfer/Valetudo/master/assets/logo/valetudo_logo_small.svg - keywords: - - icantbelieveitsnotvaletudo - - MQTT - - valetudo - - iot - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: icantbelieveitsnotvaletudo - sources: - - https://github.com/Hypfer/ICantBelieveItsNotValetudo - - https://github.com/truecharts/apps/tree/master/charts/icantbelieveitsnotvaletudo - urls: - - https://github.com/truecharts/apps/releases/download/icantbelieveitsnotvaletudo-2.0.15/icantbelieveitsnotvaletudo-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -92153,42 +90035,6 @@ entries: - https://github.com/truecharts/apps/releases/download/icantbelieveitsnotvaletudo-0.0.2/icantbelieveitsnotvaletudo-0.0.2.tgz version: 0.0.2 icinga2: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - monitoring - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.13.1 - created: "2021-12-04T20:11:17.286817837Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: A monitoring system which checks the availability of your network - resources, notifies users of outages, and generates performance data for reporting. - digest: 0fa003dc3a938a31d4fd07fcb7de1e6a23facc74c39bdeaa2a8c2bdd2543e8ec - home: https://github.com/truechartsapps/tree/master/charts/stable/icinga2 - icon: https://avatars.githubusercontent.com/u/835441?s=200&v=4 - keywords: - - icinga2 - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: icinga2 - sources: - - https://github.com/jjethwa/icinga2 - - https://icinga.com/ - urls: - - https://github.com/truecharts/apps/releases/download/icinga2-0.0.4/icinga2-0.0.4.tgz - version: 0.0.4 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -92270,13 +90116,13 @@ entries: truecharts.org/grade: U apiVersion: v2 appVersion: 0.20.83 - created: "2021-12-04T20:11:17.487579278Z" + created: "2021-12-04T20:34:31.747466639Z" dependencies: - name: common repository: https://truecharts.org version: 8.9.10 description: API Support for your favorite torrent trackers. - digest: 5f380a0119fd2bbce0b66afa57d98ebfcc2a382e83bfd24f7c115b21b67ed11e + digest: a989a7f16e8ee5636b59217dfb275624f0df09624aedb634e3819cc3f05e563c home: https://github.com/truecharts/apps/tree/master/charts/stable/jackett icon: https://truecharts.org/_static/img/jackett-icon.png keywords: @@ -92293,8 +90139,8 @@ entries: - https://github.com/Jackett/Jackett type: application urls: - - https://github.com/truecharts/apps/releases/download/jackett-9.0.30/jackett-9.0.30.tgz - version: 9.0.30 + - https://github.com/truecharts/apps/releases/download/jackett-9.0.31/jackett-9.0.31.tgz + version: 9.0.31 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -96562,41 +94408,6 @@ entries: - https://github.com/truecharts/apps/releases/download/jackett-3.1.5/jackett-3.1.5.tgz version: 3.1.5 jdownloader2: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - downloads - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.7.1 - created: "2021-12-04T20:11:17.671687475Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: JDownloader is a free, open-source download management tool with - a huge community of developers that makes downloading as easy and fast as it - should be. - digest: b911a5a2ff965964df98f96cdf550378e9e2785cab430e5e7c885db48273e24a - home: https://github.com/truecharts/apps/tree/master/charts/stable/jackett - icon: https://jdownloader.org/_media/knowledge/wiki/jdownloader.png?w=150 - keywords: - - jdownloader - - download - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: jdownloader2 - sources: - - https://github.com/jlesage/docker-jdownloader-2 - - https://hub.docker.com/r/jlesage/jdownloader-2 - - https://jdownloader.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/jdownloader2-4.0.16/jdownloader2-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -97786,38 +95597,6 @@ entries: - https://github.com/truecharts/apps/releases/download/jdownloader2-0.0.1/jdownloader2-0.0.1.tgz version: 0.0.1 jellyfin: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 10.7.7 - created: "2021-12-04T20:11:17.862274627Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Jellyfin is a Free Software Media System - digest: 4c5127c001b6ecd44bd827d3edc2e5deee66ade6a3dd3c1c1a5d3058840bd4f1 - home: https://github.com/truecharts/apps/tree/master/charts/stable/jellyfin - icon: https://truecharts.org/_static/img/jellyfin-icon.png - keywords: - - jellyfin - - plex - - emby - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: jellyfin - sources: - - https://github.com/jellyfin/jellyfin - type: application - urls: - - https://github.com/truecharts/apps/releases/download/jellyfin-9.0.15/jellyfin-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -100638,42 +98417,6 @@ entries: - https://github.com/truecharts/apps/releases/download/jellyfin-3.1.5/jellyfin-3.1.5.tgz version: 3.1.5 joplin-server: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.5.1 - created: "2021-12-04T20:11:18.067483207Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: This server allows you to sync any Joplin client - digest: e55e542dfefdf5a1f2c6d15e4fab929e897b1bd893971c8e964f7aa17c12594a - home: https://github.com/truecharts/apps/tree/master/charts/stable/jopplin-server - icon: https://raw.githubusercontent.com/laurent22/joplin/master/Assets/LinuxIcons/256x256.png?raw=true - keywords: - - joplin - - notes - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: joplin-server - sources: - - https://github.com/laurent22/joplin/tree/dev/packages/server - - https://github.com/laurent22/joplin - - https://hub.docker.com/r/joplin/server - urls: - - https://github.com/truecharts/apps/releases/download/joplin-server-5.0.6/joplin-server-5.0.6.tgz - version: 5.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -101025,37 +98768,6 @@ entries: - https://github.com/truecharts/apps/releases/download/joplin-server-0.0.1/joplin-server-0.0.1.tgz version: 0.0.1 k8s-gateway: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - networking - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.1.8 - created: "2021-12-04T20:11:18.275288834Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A Helm chart for the k8s_gateway CoreDNS plugin - digest: b6250372343fea70ed5355f826980ae3eaef1c072436a4af4a35a659183e161f - home: https://github.com/truecharts/apps/tree/master/charts/stable/k8s-gateway - icon: https://cncf-branding.netlify.app/img/projects/coredns/icon/black/coredns-icon-black.png - keywords: - - DNS - - networking - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: k8s-gateway - sources: - - https://github.com/ori-edge/k8s_gateway - type: application - urls: - - https://github.com/truecharts/apps/releases/download/k8s-gateway-4.0.16/k8s-gateway-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -101758,40 +99470,6 @@ entries: - https://github.com/truecharts/apps/releases/download/k8s-gateway-0.0.1/k8s-gateway-0.0.1.tgz version: 0.0.1 kanboard: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.2.20 - created: "2021-12-04T20:11:18.472926969Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Kanboard is a free and open source Kanban project management software. - digest: 04dc075d4d0589d6e30e9324e6975d3f62d716c10413c509cb3697846b3843c6 - home: https://github.com/truecharts/apps/tree/master/charts/stable/kanboard - icon: https://raw.githubusercontent.com/kanboard/website/master/assets/img/icon.svg - keywords: - - kanboard - - kanban - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: kanboard - sources: - - https://github.com/kanboard/kanboard - urls: - - https://github.com/truecharts/apps/releases/download/kanboard-5.0.6/kanboard-5.0.6.tgz - version: 5.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -102123,36 +99801,6 @@ entries: - https://github.com/truecharts/apps/releases/download/kanboard-0.0.1/kanboard-0.0.1.tgz version: 0.0.1 kms: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - graywares - truecharts.org/grade: U - apiVersion: v2 - appVersion: minimal - created: "2021-12-04T20:11:18.666388569Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Private Windows Activation Server for development and testing - digest: 9ddcb6e17f8388119903a229084438ec15125a89e70d51c0c4696b39a5292504 - home: https://github.com/truecharts/apps/tree/master/charts/stable/kms - icon: https://truecharts.org/_static/img/kms-icon.jpg - keywords: - - kms - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: kms - sources: - - https://github.com/SystemRage/py-kms - type: application - urls: - - https://github.com/truecharts/apps/releases/download/kms-9.0.17/kms-9.0.17.tgz - version: 9.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -104798,39 +102446,6 @@ entries: - https://github.com/truecharts/apps/releases/download/kms-3.1.5/kms-3.1.5.tgz version: 3.1.5 komga: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.134.0 - created: "2021-12-04T20:11:18.848211373Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A comics/mangas server to serve/stream pages via API - digest: 9a675a2c7dfe1894f72e03938888a013575c47782a6918939c388f5d08f9af31 - home: https://github.com/truechartsapps/tree/master/charts/stable/komga - icon: https://komga.org/assets/media/logo.svg - keywords: - - komga - - comics - - mangas - - server - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: komga - sources: - - https://komga.org/ - - https://github.com/gotson/komga - urls: - - https://github.com/truecharts/apps/releases/download/komga-4.0.20/komga-4.0.20.tgz - version: 4.0.20 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -107112,38 +104727,6 @@ entries: - https://github.com/truecharts/apps/releases/download/komga-1.0.1/komga-1.0.1.tgz version: 1.0.1 lazylibrarian: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:19.045831707Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Get all your books, like series with Sonarr... - digest: 66763dd77dd84d4cccbafd0c180597b32b199d55cf2d1c29b7613ba5abf17568 - home: https://github.com/truecharts/apps/tree/master/charts/stable/lazylibrarian - icon: https://lazylibrarian.gitlab.io/logo.svg - keywords: - - lazylibrarian - - ebooks - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: lazylibrarian - sources: - - https://gitlab.com/LazyLibrarian/LazyLibrarian.git - - https://lazylibrarian.gitlab.io - type: application - urls: - - https://github.com/truecharts/apps/releases/download/lazylibrarian-9.0.20/lazylibrarian-9.0.20.tgz - version: 9.0.20 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -110142,40 +107725,6 @@ entries: - https://github.com/truecharts/apps/releases/download/lazylibrarian-3.1.5/lazylibrarian-3.1.5.tgz version: 3.1.5 leaf2mqtt: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "0.5" - created: "2021-12-04T20:11:19.223195974Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Nissan Leaf connected services to MQTT adapter - digest: c0cd2081eecdaa4bdbcca0e2cf6654ac6d8359c4c8d93b371aacaae0978b4071 - home: https://github.com/truecharts/apps/tree/master/charts/stable/leaf2mqtt - icon: https://www.nissanusa.com/content/dam/Nissan/us/Navigation/nissan-logo-black.svg - keywords: - - leaf2mqtt - - leaf - - nissan - - kamereon - - carwings - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: leaf2mqtt - sources: - - https://github.com/mitsumaui/leaf2mqtt - - https://github.com/k8s-at-home/container-images - urls: - - https://github.com/truecharts/apps/releases/download/leaf2mqtt-2.0.15/leaf2mqtt-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -110429,43 +107978,6 @@ entries: - https://github.com/truecharts/apps/releases/download/leaf2mqtt-0.0.2/leaf2mqtt-0.0.2.tgz version: 0.0.2 leantime: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - management - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.1.7 - created: "2021-12-04T20:11:19.425300446Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: Straightforward open source project management system to make your - ideas reality. - digest: 47f3ede60ee793cb7afa9573bd4d74a43a3ca1c8e9134395ad9840e3acc634b5 - home: https://github.com/truechartsapps/tree/master/charts/stable/leantime - icon: https://github.com/nicholaswilde/helm-charts/raw/main/images/leantime.jpg - keywords: - - leantime - - project - - management - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: leantime - sources: - - https://leantime.io/ - - https://hub.docker.com/r/nicholaswilde/leantime - urls: - - https://github.com/truecharts/apps/releases/download/leantime-0.0.4/leantime-0.0.4.tgz - version: 0.0.4 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -110541,38 +108053,6 @@ entries: - https://github.com/truecharts/apps/releases/download/leantime-0.0.1/leantime-0.0.1.tgz version: 0.0.1 librespeed: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 5.2.4 - created: "2021-12-04T20:11:19.605253735Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Librespeed is a HTML5 webpage to test upload and download speeds - digest: f4d5394cdb725044ad396cfc3c03270609a8c4fea43af65db0fba3a59a7ee5fa - home: https://github.com/truechartsapps/tree/master/charts/stable/librespeed - icon: https://github.com/librespeed/speedtest/blob/master/.logo/icon_huge.png?raw=true - keywords: - - librespeed - - speedtest - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: librespeed - sources: - - https://github.com/librespeed/speedtest - - https://hub.docker.com/r/linuxserver/librespeed - - https://github.com/truechartsapps/tree/master/charts/librespeed - urls: - - https://github.com/truecharts/apps/releases/download/librespeed-4.0.19/librespeed-4.0.19.tgz - version: 4.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -112530,38 +110010,6 @@ entries: - https://github.com/truecharts/apps/releases/download/librespeed-0.0.1/librespeed-0.0.1.tgz version: 0.0.1 lidarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.0.0.2255 - created: "2021-12-04T20:11:19.812122046Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Looks and smells like Sonarr but made for music - digest: d5edccfb15b4c841bd4e95d7498a2ad2c8fea379054bf4fb010cf4f43860eab7 - home: https://github.com/truecharts/apps/tree/master/charts/stable/lidarr - icon: https://avatars3.githubusercontent.com/u/28475832?s=400&v=4 - keywords: - - lidarr - - torrent - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: lidarr - sources: - - https://github.com/Lidarr/Lidarr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/lidarr-9.0.15/lidarr-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -115352,37 +112800,6 @@ entries: - https://github.com/truecharts/apps/releases/download/lidarr-3.1.5/lidarr-3.1.5.tgz version: 3.1.5 littlelink: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - social - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:19.994311953Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Easy platform to combine all your social links - digest: d904100ea18250003867b7cc5275f86c3c5740aa64504c3ef8bd16916a84db13 - home: https://github.com/truecharts/apps/tree/master/charts/stable/littlelink - icon: https://littlelink.io/images/avatar@2x.png - keywords: - - littlelink - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: littlelink - sources: - - https://github.com/techno-tim/littlelink-server - - https://github.com/sethcottle/littlelink - type: application - urls: - - https://github.com/truecharts/apps/releases/download/littlelink-4.0.23/littlelink-4.0.23.tgz - version: 4.0.23 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -117106,41 +114523,6 @@ entries: - https://github.com/truecharts/apps/releases/download/littlelink-1.0.0/littlelink-1.0.0.tgz version: 1.0.0 logitech-media-server: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - - audio - truecharts.org/grade: U - apiVersion: v2 - appVersion: 8.3.0 - created: "2021-12-04T20:11:20.173372834Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Logitech Media Server is a platform for home/office audio streaming. - digest: 8a57135fb33134dfadc674a58d128d2de4eacebdd05e38c567c6df09ff4fc8ba - home: https://github.com/truecharts/apps/master/charts/incubator/logitech-media-server - icon: https://www.mysqueezebox.com/static/images/logitech_mediaserver.png - keywords: - - logitech-media-server - - squeezebox - - audio - - streaming - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: logitech-media-server - sources: - - https://github.com/Logitech/slimserver - - https://hub.docker.com/r/lmscommunity/logitechmediaserver - type: application - urls: - - https://github.com/truecharts/apps/releases/download/logitech-media-server-2.0.23/logitech-media-server-2.0.23.tgz - version: 2.0.23 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -117708,40 +115090,6 @@ entries: - https://github.com/truecharts/apps/releases/download/logitech-media-server-1.0.0/logitech-media-server-1.0.0.tgz version: 1.0.0 loki: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - logs - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.4.1 - created: "2021-12-04T20:11:20.380449347Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: promtail.enabled - name: promtail - repository: https://truecharts.org - version: 1.0.6 - description: 'Loki: like Prometheus, but for logs.' - digest: 7a56f4a7a2b6a7a79cd843c4ea3e4055d48eeed87b6d2dac9b3640d9a833bcfc - home: https://github.com/truecharts/apps/tree/master/charts/stable/loki - icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png - keywords: - - logs - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: loki - sources: - - https://github.com/grafana/loki - type: application - urls: - - https://github.com/truecharts/apps/releases/download/loki-2.0.3/loki-2.0.3.tgz - version: 2.0.3 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -118049,40 +115397,6 @@ entries: - https://github.com/truecharts/apps/releases/download/loki-0.0.1/loki-0.0.1.tgz version: 0.0.1 lychee: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.3.6 - created: "2021-12-04T20:11:20.568986406Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Lychee is a free photo-management tool, which runs on your server - or web-space - digest: f433bb96467ea9ef9859fb405c9748dbd13cc307f7b260fd5d596d75ba5abad0 - home: https://github.com/truecharts/apps/tree/master/charts/stable/lychee - icon: https://github.com/LycheeOrg/Lychee/blob/master/Banner.png?raw=true - keywords: - - lychee - - photo - - pictures - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: lychee - sources: - - https://github.com/LycheeOrg/Lychee - - https://hub.docker.com/r/lycheeorg/lychee - type: application - urls: - - https://github.com/truecharts/apps/releases/download/lychee-9.0.15/lychee-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -121423,36 +118737,6 @@ entries: - https://github.com/truecharts/apps/releases/download/mariadb-0.0.1/mariadb-0.0.1.tgz version: 0.0.1 mealie: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - utilities - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.5.4 - created: "2021-12-04T20:11:20.760852193Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Mealie is a self hosted recipe manager and meal planner with a RestAPI - backend - digest: 755da3f7ea348cd5c03f1e42444f586d2543a55c016e929cd7c55b9b6e3f6d0c - home: https://github.com/truecharts/apps/tree/master/charts/stable/mealie - icon: https://raw.githubusercontent.com/hay-kot/mealie/gh-pages/assets/img/favicon.png - keywords: - - grocy - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: mealie - sources: - - https://github.com/hay-kot/mealie - urls: - - https://github.com/truecharts/apps/releases/download/mealie-4.0.16/mealie-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -123528,42 +120812,6 @@ entries: - https://github.com/truecharts/apps/releases/download/mealie-1.0.0/mealie-1.0.0.tgz version: 1.0.0 medusa: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.5.20 - created: "2021-12-04T20:11:20.945677522Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An automatic Video Library Manager for TV Shows - digest: 86a5be9dd4dc8f978e33a3e1f0053fdad3b29f91e45fa18b076a23e6224a8468 - home: https://github.com/truecharts/apps/tree/master/charts/stable/medusa - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/medusa-icon.png - keywords: - - medusa - - video - - library - - manager - - tv - - shows - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: medusa - sources: - - https://github.com/linuxserver/docker-medusa - - https://pymedusa.com/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/medusa-1.0.17/medusa-1.0.17.tgz - version: 1.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -124651,41 +121899,6 @@ entries: - https://github.com/truecharts/apps/releases/download/metallb-0.0.1/metallb-0.0.1.tgz version: 0.0.1 miniflux: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.0.33 - created: "2021-12-04T20:11:21.190563948Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Miniflux is a minimalist and opinionated feed reader. - digest: 6b5d6c84f450403e013c6cf22b484b82cc22f02923c7fdddf52b10f456fbdbd6 - home: https://github.com/truecharts/apps/tree/master/charts/miniflux - icon: https://raw.githubusercontent.com/miniflux/logo/master/icon.svg - keywords: - - miniflux - - rss - - news - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: miniflux - sources: - - https://github.com/miniflux/v2 - urls: - - https://github.com/truecharts/apps/releases/download/miniflux-4.0.6/miniflux-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -125027,37 +122240,6 @@ entries: - https://github.com/truecharts/apps/releases/download/miniflux-0.0.1/miniflux-0.0.1.tgz version: 0.0.1 minio: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:21.388990689Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Minio is a self-hosted S3 storage server - digest: d089eb3e87098b08998a34e0e294a276c2270cc804791e5065daa95b1cbbb9c1 - home: https://github.com/truecharts/apps/tree/master/charts/incubator/minio - icon: https://min.io/resources/img/logo/MINIO_wordmark.png - keywords: - - minio - - s3 - - storage - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: minio - sources: - - https://github.com/minio/minio - urls: - - https://github.com/truecharts/apps/releases/download/minio-1.0.3/minio-1.0.3.tgz - version: 1.0.3 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -125152,37 +122334,6 @@ entries: - https://github.com/truecharts/apps/releases/download/minio-0.0.1/minio-0.0.1.tgz version: 0.0.1 minio-console: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.12.5 - created: "2021-12-04T20:11:21.575403431Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A management console for minio server and operator - digest: f5b42a357eb0e2d3ed571f13ee9bfc75eb24d2bac7b10c86cde7e6a9c36c7710 - home: https://github.com/truecharts/apps/tree/master/charts/stable/minio-console - icon: https://min.io/resources/img/logo/MINIO_wordmark.png - keywords: - - minio-console - - minio - - s3 - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: minio-console - sources: - - https://github.com/minio/console - urls: - - https://github.com/truecharts/apps/releases/download/minio-console-1.0.18/minio-console-1.0.18.tgz - version: 1.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -125505,41 +122656,6 @@ entries: - https://github.com/truecharts/apps/releases/download/minio-console-0.0.2/minio-console-0.0.2.tgz version: 0.0.2 monica: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - crm - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.5.0 - created: "2021-12-04T20:11:21.778561411Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: Straightforward open source project management system to make your - ideas reality. - digest: b80de0dfe5df2852778d3804eb4bfff7b4bb23624c1aa568afb50b702985ad9c - home: https://github.com/truechartsapps/tree/master/charts/stable/monica - icon: https://pbs.twimg.com/profile_images/951820722191720450/mtCNuIXX.jpg - keywords: - - crm - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: monica - sources: - - https://github.com/monicahq/monica - - https://hub.docker.com/_/monica - urls: - - https://github.com/truecharts/apps/releases/download/monica-0.0.5/monica-0.0.5.tgz - version: 0.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -125646,38 +122762,6 @@ entries: - https://github.com/truecharts/apps/releases/download/monica-0.0.1/monica-0.0.1.tgz version: 0.0.1 mosquitto: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - homeautomation - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.0.14 - created: "2021-12-04T20:11:21.980757384Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Eclipse Mosquitto - An open source MQTT broker - digest: e4149ff15cf5587798bf767969ac83ada8fdfa51642b71229815dab5ebcebee6 - home: https://github.com/truecharts/apps/tree/master/charts/stable/mosquitto - icon: https://projects.eclipse.org/sites/default/files/mosquitto-200px.png - keywords: - - mosquitto - - MQTT - - eclipse-iot - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: mosquitto - sources: - - https://github.com/eclipse/mosquitto - type: application - urls: - - https://github.com/truecharts/apps/releases/download/mosquitto-4.0.17/mosquitto-4.0.17.tgz - version: 4.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -127842,39 +124926,6 @@ entries: - https://github.com/truecharts/apps/releases/download/mosquitto-1.0.0/mosquitto-1.0.0.tgz version: 1.0.0 mstream: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 5.2.5 - created: "2021-12-04T20:11:22.174045083Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A personal music streaming server - digest: 00b297368e27dff39e98d8cee77d48f648325eb962240efaabd0709d3be468cb - home: https://github.com/truecharts/apps/tree/master/charts/stable/mstream - icon: https://raw.githubusercontent.com/nicholaswilde/helm-charts/main/images/mstream.png - keywords: - - mstream - - server - - music - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: mstream - sources: - - https://github.com/linuxserver/docker-mstream - - https://mstream.io/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/mstream-1.0.15/mstream-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -128120,41 +125171,6 @@ entries: - https://github.com/truecharts/apps/releases/download/mstream-0.0.2/mstream-0.0.2.tgz version: 0.0.2 muximux: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "057352e8" - created: "2021-12-04T20:11:22.344400392Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A lightweight portal to view & manage your HTPC apps without having - to run anything more than a PHP enabled webserver - digest: 24a83e19fef6757132c09663f0256cb2bccc107d281439d99ec8bb1274d29855 - home: https://github.com/truecharts/apps/tree/master/charts/stable/muximux - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/muximux-icon.png - keywords: - - muximux - - htpc - - manage - - portal - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: muximux - sources: - - https://github.com/linuxserver/docker-muximux - - https://github.com/mescon/Muximux - type: application - urls: - - https://github.com/truecharts/apps/releases/download/muximux-1.0.19/muximux-1.0.19.tgz - version: 1.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -128521,37 +125537,6 @@ entries: - https://github.com/truecharts/apps/releases/download/muximux-0.0.2/muximux-0.0.2.tgz version: 0.0.2 mylar: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.5.3 - created: "2021-12-04T20:11:22.534804567Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Mylar is a automated Comic Book downloader - digest: 2d3406197ef573b907a621fc820079364c4b3ae70bf4aee2111e862116af0e4f - home: https://github.com/truechartsapps/tree/master/charts/stable/mylar - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/mylar-icon.png - keywords: - - mylar - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: mylar - sources: - - https://github.com/mylar3/mylar3 - - https://github.com/linuxserver/docker-mylar3 - - https://github.com/truechartsapps/tree/master/charts/mylar - urls: - - https://github.com/truecharts/apps/releases/download/mylar-4.0.15/mylar-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -130026,40 +127011,6 @@ entries: - https://github.com/truecharts/apps/releases/download/mylar-1.0.1/mylar-1.0.1.tgz version: 1.0.1 navidrome: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.47.0 - created: "2021-12-04T20:11:22.709154209Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Navidrome is an open source web-based music collection server and - streamer - digest: bb7fa3ed8b2eb8497c888f2eb44a3fb80303b15eb37e6965ff94c9e27ad5c5b5 - home: https://github.com/truecharts/apps/tree/master/charts/stable/navidrome - icon: https://raw.githubusercontent.com/navidrome/navidrome/v0.42.0/ui/src/icons/android-icon-192x192.png - keywords: - - navidrome - - music - - streaming - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: navidrome - sources: - - https://github.com/deluan/navidrome - - https://hub.docker.com/r/deluan/navidrome - type: application - urls: - - https://github.com/truecharts/apps/releases/download/navidrome-9.0.15/navidrome-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -132869,50 +129820,6 @@ entries: - https://github.com/truecharts/apps/releases/download/navidrome-3.1.5/navidrome-3.1.5.tgz version: 3.1.5 nextcloud: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - cloud - truecharts.org/grade: U - apiVersion: v2 - appVersion: 23.0.0 - created: "2021-12-04T20:11:22.966533538Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - - condition: redis.enabled - name: redis - repository: https://truecharts.org - version: 1.0.22 - description: A private cloud server that puts the control and security of your - own data back into your hands. - digest: d90f47939de70952a6e8d88e7c90986f8470cb77853caa7832f8bd4aeb3903d6 - home: https://nextcloud.com/ - icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Nextcloud_Logo.svg/1280px-Nextcloud_Logo.svg.png - keywords: - - nextcloud - - storage - - http - - web - - php - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: nextcloud - sources: - - https://github.com/nextcloud/docker - - https://github.com/nextcloud/helm - type: application - urls: - - https://github.com/truecharts/apps/releases/download/nextcloud-10.0.11/nextcloud-10.0.11.tgz - version: 10.0.11 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -139513,37 +136420,6 @@ entries: - https://github.com/truecharts/apps/releases/download/nextcloud-1.0.0/nextcloud-1.0.0.tgz version: 1.0.0 node-red: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - tools - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.1.4 - created: "2021-12-04T20:11:23.13968997Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Node-RED is low-code programming for event-driven applications - digest: 4a9b319cf617b8ff8c1a45ded1c4654d1adf73c1004f18f2019bbaf53b1b50a8 - home: https://github.com/truecharts/apps/tree/master/charts/stable/node-red - icon: https://nodered.org/about/resources/media/node-red-icon-2.png - keywords: - - node-red - - nodered - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: node-red - sources: - - https://github.com/node-red/node-red-docker - type: application - urls: - - https://github.com/truecharts/apps/releases/download/node-red-9.0.15/node-red-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -142315,39 +139191,6 @@ entries: - https://github.com/truecharts/apps/releases/download/notes-0.0.2/notes-0.0.2.tgz version: 0.0.2 novnc: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.2.0 - created: "2021-12-04T20:11:23.33315067Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: The open source VNC client - digest: 64441d0f71f9c1e084e7959466715b545194f2fd251fb222c3da17696fe02850 - home: https://github.com/truecharts/apps/tree/master/charts/stable/novnc - icon: https://github.com/truecharts/apps/raw/main/images/novnc.png - keywords: - - novnc - - vnc - - remote - - desktop - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: novnc - sources: - - https://novnc.com/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/novnc-1.0.15/novnc-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -142593,35 +139436,6 @@ entries: - https://github.com/truecharts/apps/releases/download/novnc-0.0.2/novnc-0.0.2.tgz version: 0.0.2 nullserv: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.3.0 - created: "2021-12-04T20:11:23.519536612Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A simple null file http and https server - digest: 32e22e47e87f754ab1be0ad584742933d2241fe8b8375cdd9a149924435d0751 - home: https://github.com/truechartsapps/tree/master/charts/stable/nullserv - icon: https://miro.medium.com/max/800/1*UL9RWkTUtJlyHW7kGm20hQ.png - keywords: - - nullserv - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: nullserv - sources: - - https://github.com/bmrzycki/nullserv - urls: - - https://github.com/truecharts/apps/releases/download/nullserv-4.0.15/nullserv-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -143987,37 +140801,6 @@ entries: - https://github.com/truecharts/apps/releases/download/nullserv-1.0.1/nullserv-1.0.1.tgz version: 1.0.1 nzbget: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "21.1" - created: "2021-12-04T20:11:23.715591934Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: NZBGet is a Usenet downloader client - digest: 5e2072c5e5884dd24711e47f1b5bb96842779c7ebbb28354c521c8bd103c17cf - home: https://github.com/truecharts/apps/tree/master/charts/stable/nzbget - icon: https://avatars1.githubusercontent.com/u/3368377?s=400&v=4 - keywords: - - nzbget - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: nzbget - sources: - - https://nzbget.net/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/nzbget-9.0.16/nzbget-9.0.16.tgz - version: 9.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -146449,34 +143232,6 @@ entries: - https://github.com/truecharts/apps/releases/download/nzbget-3.1.5/nzbget-3.1.5.tgz version: 3.1.5 nzbhydra: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.18.1 - created: "2021-12-04T20:11:23.899225553Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - deprecated: true - description: Usenet meta search - digest: 82acee2e509df9369f237a9638f9d50558b81365f005139cf4accedb7205e897 - home: https://github.com/truecharts/apps/tree/master/charts/stable/nzbhydra - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/hydra-icon.png - keywords: - - nzbhydra - - usenet - kubeVersion: '>=1.16.0-0' - name: nzbhydra - sources: - - https://github.com/theotherp/nzbhydra2 - type: application - urls: - - https://github.com/truecharts/apps/releases/download/nzbhydra-9.0.17/nzbhydra-9.0.17.tgz - version: 9.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -148776,38 +145531,6 @@ entries: - https://github.com/truecharts/apps/releases/download/nzbhydra-3.1.6/nzbhydra-3.1.6.tgz version: 3.1.6 octoprint: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.7.2 - created: "2021-12-04T20:11:24.081082857Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: OctoPrint is the snappy web interface for your 3D printer - digest: 122f5259111cbd1f3f5a37da525d07f56f62805ba0a758ae6df731b4b5eb15ff - home: https://github.com/truechartsapps/tree/master/charts/stable/octoprint - icon: https://avatars3.githubusercontent.com/u/5982294?s=400&v=4 - keywords: - - octoprint - - 3d - - printer - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: octoprint - sources: - - https://github.com/OctoPrint/OctoPrint - - https://hub.docker.com/r/octoprint/octoprint - urls: - - https://github.com/truecharts/apps/releases/download/octoprint-4.0.16/octoprint-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -150459,48 +147182,6 @@ entries: - https://github.com/truecharts/apps/releases/download/octoprint-1.0.1/octoprint-1.0.1.tgz version: 1.0.1 odoo: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "14.0" - created: "2021-12-04T20:11:24.284984643Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: All-in-one business software. Beautiful. Easy-to-use. CRM, Accounting, - PM, HR, Procurement, Point of Sale, MRP, Marketing, etc. - digest: d45b6945b59d475c3c17dc5aba143061ed37475ebb7ab3aabbd1bfd918c92c1a - home: https://github.com/truecharts/apps/tree/main/charts/odoo - icon: https://pbs.twimg.com/profile_images/970608340014419969/1bpCWJhS_400x400.jpg - keywords: - - odoo - - crm - - pm - - hr - - accounting - - mrp - - marketing - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: odoo - sources: - - https://www.odoo.com/ - - https://hub.docker.com/repository/docker/nicholaswilde/odoo - type: application - urls: - - https://github.com/truecharts/apps/releases/download/odoo-4.0.6/odoo-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -150912,36 +147593,6 @@ entries: - https://github.com/truecharts/apps/releases/download/odoo-0.0.1/odoo-0.0.1.tgz version: 0.0.1 omada-controller: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "4.4" - created: "2021-12-04T20:11:24.483969189Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Omada is a SDN tool for TP-Link Omada hardware - digest: ca38e14c4a34d6150b9d30fa2b5622ecd7cc8992b287068e0a1a7bb233319996 - home: https://github.com/truechartsapps/tree/master/charts/stable/omada-controller - icon: https://www.tp-link.com/assets/images/icon/logo-white.svg - keywords: - - omada-controller - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: omada-controller - sources: - - https://github.com/mbentley/docker-omada-controller - - https://github.com/truechartsapps/tree/master/charts/omada-controller - urls: - - https://github.com/truecharts/apps/releases/download/omada-controller-4.0.22/omada-controller-4.0.22.tgz - version: 4.0.22 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -152751,41 +149402,6 @@ entries: - https://github.com/truecharts/apps/releases/download/omada-controller-1.0.1/omada-controller-1.0.1.tgz version: 1.0.1 ombi: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.0.1482 - created: "2021-12-04T20:11:24.671497541Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Want a Movie or TV Show on Plex or Emby? Use Ombi! - digest: 0c9775f042c38b70a9758e990e1d72f7855a79ca9bc7f343c2ec7140fc58efb5 - home: https://github.com/truecharts/apps/tree/master/charts/stable/ombi - icon: https://raw.githubusercontent.com/Ombi-app/Ombi/gh-pages/img/android-chrome-512x512.png - keywords: - - ombi - - plex - - emby - - sonarr - - radarr - - couchpotato - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: ombi - sources: - - https://github.com/tidusjar/Ombi - type: application - urls: - - https://github.com/truecharts/apps/releases/download/ombi-9.0.14/ombi-9.0.14.tgz - version: 9.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -156380,42 +152996,6 @@ entries: - https://github.com/truecharts/apps/releases/download/ombi-3.1.5/ombi-3.1.5.tgz version: 3.1.5 onlyoffice-document-server: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - office - - documents - - productivity - truecharts.org/grade: U - apiVersion: v2 - appVersion: 6.4.2.6 - created: "2021-12-04T20:11:24.835923201Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: 'ONLYOFFICE Document Server is an online office suite comprising - viewers and editors for texts, spreadsheets and presentations, fully compatible - with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative - editing in real time.' - digest: 791a8e6d41e510334103382d1c439fe2da225d251b9569eb67d5fd6cdc055664 - home: https://github.com/truecharts/apps/tree/master/charts/stable/onlyoffice-ds-ce - icon: https://avatars.githubusercontent.com/u/1426033?s=200&v=4 - keywords: - - onlyoffice - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: onlyoffice-document-server - sources: - - https://github.com/ONLYOFFICE/DocumentServer - - https://github.com/ONLYOFFICE/Docker-DocumentServer - - https://hub.docker.com/r/onlyoffice/documentserver/ - urls: - - https://github.com/truecharts/apps/releases/download/onlyoffice-document-server-2.0.15/onlyoffice-document-server-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -156779,43 +153359,6 @@ entries: - https://github.com/truecharts/apps/releases/download/onlyoffice-document-server-0.0.1/onlyoffice-document-server-0.0.1.tgz version: 0.0.1 openkm: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 6.3.11 - created: "2021-12-04T20:11:25.049225365Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: OpenKM integrates all essential documents management, collaboration - and an advanced search functionality into one easy to use solution. - digest: ddee10bb97225d147af9a64890df872e500dffa046acd54004dcfb0f5a223126 - home: https://github.com/truecharts/apps/tree/master/charts/stable/openkm - icon: https://raw.githubusercontent.com/openkm/document-management-system/master/src/main/webapp/img/logo_favicon.ico - keywords: - - openkm - - documentation management - - docs - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: openkm - sources: - - https://www.openkm.com/ - - https://github.com/openkm/document-management-system - urls: - - https://github.com/truecharts/apps/releases/download/openkm-4.0.6/openkm-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -157177,40 +153720,6 @@ entries: - https://github.com/truecharts/apps/releases/download/openkm-0.0.1/openkm-0.0.1.tgz version: 0.0.1 openldap: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - cloud - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.5.0 - created: "2021-12-04T20:11:25.236650315Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Community developed LDAP software - digest: 55604b09af02896a433614ad154e999783a843789d547b8ee0dcc44c25be8260 - home: https://www.openldap.org - icon: https://upload.wikimedia.org/wikipedia/commons/thumb/7/71/Database-openldap.svg/640px-Database-openldap.svg.png - keywords: - - ldap - - openldap - - iam-stack - - high availability - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: openldap - sources: - - https://github.com/jp-gouin/helm-openldap - - https://github.com/osixia/docker-openldap - type: application - urls: - - https://github.com/truecharts/apps/releases/download/openldap-4.0.20/openldap-4.0.20.tgz - version: 4.0.20 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -159223,37 +155732,6 @@ entries: - https://github.com/truecharts/apps/releases/download/openldap-1.0.0/openldap-1.0.0.tgz version: 1.0.0 organizr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - organizers - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:25.418225817Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: HTPC/Homelab Services Organizer - digest: ae8c73361b6fa0cc6383e05e58ad8afbf1afc50fdb3e3f19e681ea2b2b520a6e - home: https://github.com/truecharts/apps/tree/master/charts/stable/organizr - icon: https://github.com/causefx/Organizr/blob/v2-master/plugins/images/organizr/logo.png?raw=true - keywords: - - organizr - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: organizr - sources: - - https://github.com/causefx/Organizr - - https://hub.docker.com/r/organizr/organizr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/organizr-9.0.16/organizr-9.0.16.tgz - version: 9.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -161698,36 +158176,6 @@ entries: - https://github.com/truecharts/apps/releases/download/organizr-3.1.5/organizr-3.1.5.tgz version: 3.1.5 oscam: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - DIY - truecharts.org/grade: U - apiVersion: v2 - appVersion: "11693" - created: "2021-12-04T20:11:25.612194322Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Open Source Conditional Access Module software - digest: 78cceb750d586b17225a17ca8503e2d3e0902998134ba0dd6089828c9cc85881 - home: https://github.com/truecharts/apps/tree/master/charts/stable/oscam - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/oscam-logo.png - keywords: - - oscam - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: oscam - sources: - - https://trac.streamboard.tv/oscam/browser/trunk - type: application - urls: - - https://github.com/truecharts/apps/releases/download/oscam-4.0.15/oscam-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -162149,41 +158597,6 @@ entries: - https://github.com/truecharts/apps/releases/download/oscam-1.0.0/oscam-1.0.0.tgz version: 1.0.0 overseerr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.27.0 - created: "2021-12-04T20:11:25.800489479Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Overseerr is a free and open source software application for managing - requests for your media library. It integrates with your existing services such - as Sonarr, Radarr and Plex! - digest: 4fa377d23cfd6e20ce0e1d33aedf762000c695be9053e97cb4544d308a8ddcdc - home: https://github.com/truechartsapps/tree/master/charts/stable/overseerr - icon: https://i.imgur.com/TMoEG7g.png - keywords: - - overseerr - - plex - - sonarr - - radarr - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: overseerr - sources: - - https://github.com/sct/overseerr - - https://hub.docker.com/r/sctx/overseerr - urls: - - https://github.com/truecharts/apps/releases/download/overseerr-4.0.15/overseerr-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -163915,40 +160328,6 @@ entries: - https://github.com/truecharts/apps/releases/download/overseerr-1.0.1/overseerr-1.0.1.tgz version: 1.0.1 owncast: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.0.10 - created: "2021-12-04T20:11:25.987769128Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Take control over your live stream video by running it yourself. - Streaming + chat out of the box. - digest: 8129297633bb243a0b28feb722a2aa98db1f8ab07dd27d712ed4bae93b2da2e1 - home: https://github.com/truechartsapps/tree/master/charts/stable/owncast - icon: https://owncast.online/images/owncast-logo-1000x1000.png - keywords: - - owncast - - stream - - open source - - chat - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: owncast - sources: - - https://owncast.online/ - - https://github.com/owncast/owncast - urls: - - https://github.com/truecharts/apps/releases/download/owncast-4.0.14/owncast-4.0.14.tgz - version: 4.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -165710,43 +162089,6 @@ entries: - https://github.com/truecharts/apps/releases/download/owncast-1.0.1/owncast-1.0.1.tgz version: 1.0.1 owncloud-ocis: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.15.0 - created: "2021-12-04T20:11:26.195241637Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: ownCloud Infinite Scale is a self-hosted file sync and share server. - digest: 79e0f17f48af5b36dee6659760a214589841054a780c744062e73ee5cd611d79 - home: https://github.com/truechartsapps/tree/master/charts/stable/owncloud-ocis - icon: https://avatars.githubusercontent.com/u/1645051?s=200&v=4 - keywords: - - owncloud - - ocis - - infinite - - scale - - self-hosted - - sync - - share - - server - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: owncloud-ocis - sources: - - https://hub.docker.com/r/owncloud/ocis - - https://owncloud.dev/ocis/ - urls: - - https://github.com/truecharts/apps/releases/download/owncloud-ocis-4.0.16/owncloud-ocis-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -167826,38 +164168,6 @@ entries: - https://github.com/truecharts/apps/releases/download/owncloud-ocis-1.0.1/owncloud-ocis-1.0.1.tgz version: 1.0.1 pgadmin: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - management - truecharts.org/grade: U - apiVersion: v2 - appVersion: "6.2" - created: "2021-12-04T20:11:26.38735931Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Web-Based postgresql database management utility - digest: 41a3689cefaae469443cf0a18d0f7fd88d3b2cef31e261569ccc1b069d9aede1 - home: https://github.com/truecharts/apps/tree/master/charts/stable/pgadmin - icon: https://www.postgresql.org/message-id/attachment/1139/pgAdmin.svg - keywords: - - pgadmin - - db - - database - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: pgadmin - sources: - - https://www.pgadmin.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/pgadmin-4.0.16/pgadmin-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -169708,44 +166018,6 @@ entries: - https://github.com/truecharts/apps/releases/download/pgadmin-1.0.1/pgadmin-1.0.1.tgz version: 1.0.1 photoprism: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "20211130" - created: "2021-12-04T20:11:26.600252954Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: PhotoPrism® is a server-based application for browsing, organizing - and sharing your personal photo collection - digest: 4e3965dd1eafa0d8af2eeaa53a8fc304bb423bb704b8d0ab81bf414dcecae480 - home: https://github.com/truechartsapps/tree/master/charts/stable/photoprism - icon: https://demo.photoprism.org/static/img/logo-avatar.svg - keywords: - - photos - - photoprism - - pictures - - sharing - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: photoprism - sources: - - https://github.com/photoprism/photoprism - - https://hub.docker.com/r/photoprism/photoprism - urls: - - https://github.com/truecharts/apps/releases/download/photoprism-6.0.5/photoprism-6.0.5.tgz - version: 6.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -171683,41 +167955,6 @@ entries: - https://github.com/truecharts/apps/releases/download/photoprism-1.0.1/photoprism-1.0.1.tgz version: 1.0.1 photoshow: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 48aabb98 - created: "2021-12-04T20:11:26.774616782Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A gallery software at its easiest, it doesn't even require a database. - digest: 90fb3a66182175cfa8c7d7dc9ccb79d36cd0162809661e02c193305871b4004e - home: https://github.com/truecharts/apps/tree/master/charts/stable/photoshow - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/photoshow-icon.png - keywords: - - photoshow - - photo - - show - - gallary - - image - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: photoshow - sources: - - https://github.com/thibaud-rohmer/PhotoShow - - https://github.com/linuxserver/docker-photoshow - type: application - urls: - - https://github.com/truecharts/apps/releases/download/photoshow-1.0.19/photoshow-1.0.19.tgz - version: 1.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -172084,38 +168321,6 @@ entries: - https://github.com/truecharts/apps/releases/download/photoshow-0.0.2/photoshow-0.0.2.tgz version: 0.0.2 phpldapadmin: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - management - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.9.0 - created: "2021-12-04T20:11:26.987327525Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Web-based LDAP browser to manage your LDAP server - digest: 0c9f9f2527dc04a8f77716045811b703c6c32f593401c3534497282bd6b8573f - home: https://github.com/truecharts/apps/tree/master/charts/stable/phpldapadmin - icon: https://repository-images.githubusercontent.com/3665191/dd213f80-766c-11e9-8117-6b639095ef99 - keywords: - - phpldapadmin - - openldap - - userrights - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: phpldapadmin - sources: - - https://gitlab.v2.rancher.geohub.space/g3s/i3s/i3s-helm-catalog - type: application - urls: - - https://github.com/truecharts/apps/releases/download/phpldapadmin-4.0.15/phpldapadmin-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -173694,37 +169899,6 @@ entries: - https://github.com/truecharts/apps/releases/download/phpldapadmin-1.0.1/phpldapadmin-1.0.1.tgz version: 1.0.1 piaware: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "6.1" - created: "2021-12-04T20:11:27.238164879Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Program for forwarding ADS-B data to FlightAware - digest: b153417c2163608be02ecdd823d65624d277647707f9d765ccb2dedc9925b764 - home: https://github.com/truechartsapps/tree/master/charts/stable/piaware - icon: https://pbs.twimg.com/profile_images/964269455483088897/mr2UgvfG_400x400.jpg - keywords: - - piaware - - flight-aware - - flight-tracker - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: piaware - sources: - - https://github.com/flightaware/piaware - urls: - - https://github.com/truecharts/apps/releases/download/piaware-4.0.15/piaware-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -175228,38 +171402,6 @@ entries: - https://github.com/truecharts/apps/releases/download/piaware-1.0.1/piaware-1.0.1.tgz version: 1.0.1 pihole: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - networking - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.10.1 - created: "2021-12-04T20:11:27.417229446Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: DNS and Ad-filtering for your network - digest: 4556a82970c248e23d68ded461f16791739349e7bb1da02fbad3cc5901b5548a - home: https://github.com/truecharts/apps/tree/master/charts/stable/pihole - icon: https://upload.wikimedia.org/wikipedia/en/thumb/1/15/Pi-hole_vector_logo.svg/1200px-Pi-hole_vector_logo.svg.png - keywords: - - DNS - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: pihole - sources: - - https://pi-hole.net/ - - https://github.com/pi-hole - - https://github.com/pi-hole/docker-pi-hole - type: application - urls: - - https://github.com/truecharts/apps/releases/download/pihole-4.0.17/pihole-4.0.17.tgz - version: 4.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -176138,41 +172280,6 @@ entries: - https://github.com/truecharts/apps/releases/download/pihole-0.0.1/pihole-0.0.1.tgz version: 0.0.1 piwigo: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 11.5.0 - created: "2021-12-04T20:11:27.623690737Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A is photo gallery software for the web, built by an active community - of users and developers. - digest: 99d6844ca23657a1c2ebdea08544ee3a7ea62136b34db9c8b9ebc5f815e61891 - home: https://github.com/truecharts/apps/tree/master/charts/stable/piwigo - icon: https://avatars.githubusercontent.com/u/9326886?s=200&v=4 - keywords: - - piwigo - - gallery - - photo - - image - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: piwigo - sources: - - http://piwigo.org/ - - https://github.com/linuxserver/docker-piwigo - type: application - urls: - - https://github.com/truecharts/apps/releases/download/piwigo-1.0.16/piwigo-1.0.16.tgz - version: 1.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -176469,41 +172576,6 @@ entries: - https://github.com/truecharts/apps/releases/download/piwigo-0.0.2/piwigo-0.0.2.tgz version: 0.0.2 pixapop: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "1.2" - created: "2021-12-04T20:11:27.812468384Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An open-source single page application to view your photos in the - easiest way possible. - digest: 142456095992b7cedd510ea434a1dc2d06c5ae4f885a6d372487896856179709 - home: https://github.com/truecharts/apps/tree/master/charts/stable/pixapop - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/pixapop.png - keywords: - - pixapop - - photo - - gallery - - image - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: pixapop - sources: - - https://github.com/linuxserver/docker-pixapop - - https://github.com/bierdok/pixapop - type: application - urls: - - https://github.com/truecharts/apps/releases/download/pixapop-1.0.15/pixapop-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -176765,37 +172837,6 @@ entries: - https://github.com/truecharts/apps/releases/download/pixapop-0.0.2/pixapop-0.0.2.tgz version: 0.0.2 plex: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.24.5.517 - created: "2021-12-04T20:11:28.007180679Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Plex Media Server - digest: 3621099d5948bece8e19c49f5573e3d9cacb3f23f24521a6e008378f50f394e0 - home: https://github.com/truecharts/apps/tree/master/charts/stable/plex - icon: https://www.plex.tv/wp-content/uploads/2018/01/pmp-icon-1.png - keywords: - - plex - - plex-media-server - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: plex - sources: - - https://github.com/k8s-at-home/container-images/pkgs/container/plex - type: application - urls: - - https://github.com/truecharts/apps/releases/download/plex-8.0.16/plex-8.0.16.tgz - version: 8.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -179659,38 +175700,6 @@ entries: - https://github.com/truecharts/apps/releases/download/plex-2.1.5/plex-2.1.5.tgz version: 2.1.5 podgrab: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - mutlimedia - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.0.0 - created: "2021-12-04T20:11:28.194651114Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A self-hosted podcast manager to download episodes as soon as they - become live. - digest: c25e486798294036ad9ceca548fb462e8a11283e46e95252888c2a0150f111dd - home: https://github.com/truecharts/apps/tree/master/charts/stable/podgrab - icon: https://upload.wikimedia.org/wikipedia/commons/thumb/e/e7/Podcasts_%28iOS%29.svg/1024px-Podcasts_%28iOS%29.svg.png - keywords: - - podgrab - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: podgrab - sources: - - https://github.com/akhilrex/podgrab - - https://hub.docker.com/r/akhilrex/podgrab - type: application - urls: - - https://github.com/truecharts/apps/releases/download/podgrab-7.0.15/podgrab-7.0.15.tgz - version: 7.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -185896,39 +181905,6 @@ entries: - https://github.com/truecharts/apps/releases/download/postgresql-1.0.0/postgresql-1.0.0.tgz version: 1.0.0 pretend-youre-xyzzy: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "4" - created: "2021-12-04T20:11:28.3637551Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: pretend-youre-xyzzy, a cards against humanity clone - digest: 8a3252695a8cfca4e3255d2e311d82b192b4d8aa3a108decaa82f413268ac5a7 - home: https://github.com/truechartsapps/tree/master/charts/stable/pretend-youre-xyzzy - icon: https://apk-google.com/wp-content/uploads/2020/12/Client-for-Pretend-Youre-Xyzzy-open-source-5.0.1.png - keywords: - - pretend-youre-xyzzy - - cards - - against - - humanity - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: pretend-youre-xyzzy - sources: - - https://github.com/ajanata/PretendYoureXyzzy - - https://github.com/emcniece/DockerYourXyzzy - urls: - - https://github.com/truecharts/apps/releases/download/pretend-youre-xyzzy-4.0.15/pretend-youre-xyzzy-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -187518,38 +183494,6 @@ entries: - https://github.com/truecharts/apps/releases/download/pretend-youre-xyzzy-1.0.1/pretend-youre-xyzzy-1.0.1.tgz version: 1.0.1 promcord: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - metrics - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:28.610602422Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Discord bot that provides metrics from a Discord server - digest: 54dd64c1e67c7244624527f2560a970ac4163aea4c60331e740cc30f69bc2a09 - home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/promcord - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - promcord - - discord - - metrics - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: promcord - sources: - - https://github.com/nimarion/promcord - type: application - urls: - - https://github.com/truecharts/apps/releases/download/promcord-1.0.3/promcord-1.0.3.tgz - version: 1.0.3 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -187647,48 +183591,6 @@ entries: - https://github.com/truecharts/apps/releases/download/promcord-0.0.1/promcord-0.0.1.tgz version: 0.0.1 prometheus: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - metrics - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.52.1 - created: "2021-12-04T20:11:28.821852152Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: exporters.enabled,exporters.node-exporter.enabled - name: node-exporter - repository: https://charts.bitnami.com/bitnami - version: 2.3.16 - - condition: exporters.enabled,exporters.kube-state-metrics.enabled - name: kube-state-metrics - repository: https://charts.bitnami.com/bitnami - version: 2.1.18 - description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, - and Prometheus rules combined with documentation and scripts to provide easy - to operate end-to-end Kubernetes cluster monitoring with Prometheus using the - Prometheus Operator. - digest: 5bd9c8b121c5b92a0c73f030240549902c71bc89edbb6a451f4b27a6c1332dbb - home: https://github.com/truecharts/apps/tree/master/charts/stable/prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - metrics - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: prometheus - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - https://github.com/truecharts/apps/releases/download/prometheus-1.1.5/prometheus-1.1.5.tgz - version: 1.1.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -188404,37 +184306,6 @@ entries: - https://github.com/truecharts/apps/releases/download/promtail-0.0.1/promtail-0.0.1.tgz version: 0.0.1 protonmail-bridge: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.8.10 - created: "2021-12-04T20:11:28.995355273Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Container for protonmail bridge to work on the network. - digest: 743a03a17d5b4a94d9381067e4f2f6f01127c0efb3499fbc04da83ab061aff09 - home: https://github.com/truechartsapps/tree/master/charts/stable/protonmail-bridge - icon: https://raw.githubusercontent.com/ProtonMail/proton-bridge/master/icon.iconset/icon_256x256.png - keywords: - - protonmail - - protonmail-bridge - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: protonmail-bridge - sources: - - https://github.com/shenxn/protonmail-bridge-docker - - https://hub.docker.com/r/shenxn/protonmail-bridge - urls: - - https://github.com/truecharts/apps/releases/download/protonmail-bridge-4.0.15/protonmail-bridge-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -191712,39 +187583,6 @@ entries: - https://github.com/truecharts/apps/releases/download/prototypegui-6.8.7/prototypegui-6.8.7.tgz version: 6.8.7 prowlarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.1.6.1184 - created: "2021-12-04T20:11:29.17688976Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Indexer manager/proxy built on the popular arr net base stack to - integrate with your various PVR apps. - digest: 13c81083ec208e546003340260d9ae6745a439f7981ee121f70ce7dde0e933a1 - home: https://github.com/truecharts/apps/tree/master/charts/stable/prowlarr - icon: https://raw.githubusercontent.com/Prowlarr/Prowlarr/develop/Logo/400.png - keywords: - - prowlarr - - torrent - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: prowlarr - sources: - - https://github.com/Prowlarr/Prowlarr - - https://github.com/k8s-at-home/container-images - urls: - - https://github.com/truecharts/apps/releases/download/prowlarr-4.0.25/prowlarr-4.0.25.tgz - version: 4.0.25 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -194891,39 +190729,6 @@ entries: - https://github.com/truecharts/apps/releases/download/prowlarr-1.0.0/prowlarr-1.0.0.tgz version: 1.0.0 pyload: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 5de90278 - created: "2021-12-04T20:11:29.366907117Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: pyLoad is a Free and Open Source download manager written in Python - and designed to be extremely lightweight, easily extensible and fully manageable - via web. - digest: 1c8a1247085afa2827a8547e8af02dbae0904921cf6d4be4eb2171ffbcee8d39 - home: https://github.com/truechartsapps/tree/master/charts/stable/pyload - icon: https://avatars.githubusercontent.com/u/3521496?s=200&v=4 - keywords: - - pyload - - download - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: pyload - sources: - - https://github.com/pyload/pyload - - https://hub.docker.com/r/linuxserver/pyload - urls: - - https://github.com/truecharts/apps/releases/download/pyload-4.0.15/pyload-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -196513,37 +192318,6 @@ entries: - https://github.com/truecharts/apps/releases/download/pyload-1.0.1/pyload-1.0.1.tgz version: 1.0.1 qbittorrent: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.3.9 - created: "2021-12-04T20:11:29.563270525Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: qBittorrent is a cross-platform free and open-source BitTorrent client - digest: 57393ed5c9cd6db5935a0a3fc4183d3aa403cf5921218844563d02b383738ab6 - home: https://github.com/truecharts/apps/tree/master/charts/stable/qbittorrent - icon: https://cloud.githubusercontent.com/assets/14862437/23586868/89ef2922-01c4-11e7-869c-52aafcece17f.png - keywords: - - qbittorrent - - torrrent - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: qbittorrent - sources: - - https://github.com/qbittorrent/qBittorrent - type: application - urls: - - https://github.com/truecharts/apps/releases/download/qbittorrent-9.0.18/qbittorrent-9.0.18.tgz - version: 9.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -198914,38 +194688,6 @@ entries: - https://github.com/truecharts/apps/releases/download/qbittorrent-3.1.5/qbittorrent-3.1.5.tgz version: 3.1.5 radarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.2.2.5080 - created: "2021-12-04T20:11:29.760802243Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A fork of Sonarr to work with movies à la Couchpotato - digest: 90cc7f436862bdce5a7829394865833d5d7ddbb48a74b1279379a86b829a312e - home: https://github.com/truecharts/apps/tree/master/charts/stable/radarr - icon: https://nzbusenet.com/wp-content/uploads/2017/10/radarr-logo.png - keywords: - - radarr - - torrent - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: radarr - sources: - - https://github.com/Radarr/Radarr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/radarr-9.0.15/radarr-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -201736,41 +197478,6 @@ entries: - https://github.com/truecharts/apps/releases/download/radarr-3.1.5/radarr-3.1.5.tgz version: 3.1.5 readarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.1.0.1081 - created: "2021-12-04T20:11:29.936716784Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A fork of Radarr to work with Books & AudioBooks - digest: c4a6a031aa9d9e40e5d2ac14699c0aa5f45933c4647ac0331625d6ec25639366 - home: https://github.com/truecharts/apps/tree/master/charts/stable/readarr - icon: https://github.com/Readarr/Readarr/blob/develop/Logo/1024.png?raw=true - keywords: - - readarr - - torrent - - usenet - - AudioBooks - - ebooks - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: readarr - sources: - - https://github.com/Readarr/Readarr - - https://readarr.com - type: application - urls: - - https://github.com/truecharts/apps/releases/download/readarr-9.0.24/readarr-9.0.24.tgz - version: 9.0.24 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -205738,43 +201445,6 @@ entries: - https://github.com/truecharts/apps/releases/download/readarr-3.1.5/readarr-3.1.5.tgz version: 3.1.5 recipes: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.0.2 - created: "2021-12-04T20:11:30.164750352Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Recipes is a Django application to manage, tag and search recipes - using either built in models or external storage providers hosting PDF's, Images - or other files. - digest: 5ac205c9a3c734375e6f1de33ee8f080d503a50b31c3844683c32090f07934b5 - home: https://github.com/truecharts/apps/tree/master/charts/stable/recipes - icon: https://raw.githubusercontent.com/vabene1111/recipes/develop/docs/logo_color.svg - keywords: - - recipes - - cooking - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: recipes - sources: - - https://github.com/vabene1111/recipes - - https://hub.docker.com/r/vabene1111/recipes - urls: - - https://github.com/truecharts/apps/releases/download/recipes-4.0.10/recipes-4.0.10.tgz - version: 4.0.10 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -207147,37 +202817,6 @@ entries: - https://github.com/truecharts/apps/releases/download/redis-0.0.1/redis-0.0.1.tgz version: 0.0.1 reg: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - utilities - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.16.1 - created: "2021-12-04T20:11:30.357846434Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Docker registry v2 command line client and repo listing generator - with security checks. - digest: 01fdc2ba3e21b2e91575c1dc34bd4fa50692e270253fdc0bd8e2d28eb5bdaae2 - home: https://github.com/truecharts/apps/tree/master/charts/stable/reg - icon: https://avatars.githubusercontent.com/u/37218338 - keywords: - - reg - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: reg - sources: - - https://github.com/genuinetools/reg - - https://github.com/k8s-at-home/container-images/ - urls: - - https://github.com/truecharts/apps/releases/download/reg-4.0.14/reg-4.0.14.tgz - version: 4.0.14 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -209175,40 +204814,6 @@ entries: - https://github.com/truecharts/apps/releases/download/reg-1.0.0/reg-1.0.0.tgz version: 1.0.0 remmina: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.2.0-rcgi - created: "2021-12-04T20:11:30.546840682Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A remote desktop client written in GTK - digest: c85c48697bfb26d3227345071e219e61fcb4706ac789ff8baa2922399cb2babf - home: https://github.com/truecharts/apps/tree/master/charts/stable/remmina - icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/remmina-icon.png - keywords: - - remina - - remote - - desktop - - client - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: remmina - sources: - - https://github.com/linuxserver/docker-remmina - - https://remmina.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/remmina-1.0.19/remmina-1.0.19.tgz - version: 1.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -209564,39 +205169,6 @@ entries: - https://github.com/truecharts/apps/releases/download/remmina-0.0.2/remmina-0.0.2.tgz version: 0.0.2 resilio-sync: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.7.2.1375 - created: "2021-12-04T20:11:30.737936747Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Resilio Sync is a fast, reliable, and simple file sync and share - solution, powered by P2P technology - digest: 3c8b7bd9bff17d7dc47d3cff8c072f9c73e176bf7297d445311e09c5c39ae021 - home: https://github.com/truechartsapps/tree/master/charts/stable/resio-sync - icon: https://blog.resilio.com/wp-content/uploads/2016/06/SyncSymbol-260x260px.png - keywords: - - resilio - - sync - - btsync - - bittorrent - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: resilio-sync - sources: - - https://github.com/orgs/linuxserver/packages/container/package/resilio-sync - urls: - - https://github.com/truecharts/apps/releases/download/resilio-sync-4.0.15/resilio-sync-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -211214,37 +206786,6 @@ entries: - https://github.com/truecharts/apps/releases/download/resilio-sync-1.0.1/resilio-sync-1.0.1.tgz version: 1.0.1 sabnzbd: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.4.2 - created: "2021-12-04T20:11:30.922265457Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Free and easy binary newsreader - digest: 1a0ad4de36cf22672a61af7533dff66737800b614c9a64a90884eb07e0159199 - home: https://github.com/truecharts/apps/tree/master/charts/stable/sabnzbd - icon: https://avatars1.githubusercontent.com/u/960698?s=400&v=4 - keywords: - - sabnzbd - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: sabnzbd - sources: - - https://sabnzbd.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/sabnzbd-9.0.15/sabnzbd-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -213697,36 +209238,6 @@ entries: - https://github.com/truecharts/apps/releases/download/sabnzbd-3.1.5/sabnzbd-3.1.5.tgz version: 3.1.5 ser2sock: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:31.102322732Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Serial to Socket Redirector - digest: e7c1e288db0702dad380adfe9c2c916ccc515d7d65a6f00e36142ed39015c1f1 - home: https://github.com/truechartsapps/tree/master/charts/stable/ser2sock - icon: https://i.imgur.com/GfZ7McO.png - keywords: - - ser2sock - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: ser2sock - sources: - - https://github.com/nutechsoftware/ser2sock - - https://github.com/tenstartups/ser2sock - urls: - - https://github.com/truecharts/apps/releases/download/ser2sock-4.0.15/ser2sock-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -215148,44 +210659,6 @@ entries: - https://github.com/truecharts/apps/releases/download/ser2sock-1.0.1/ser2sock-1.0.1.tgz version: 1.0.1 shiori: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.5.0 - created: "2021-12-04T20:11:31.320777021Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: A simple bookmark manager built with Go - digest: a4f1770e141e5365788c849c2281377f80dd3d50a1a28777f9fc21898eb3b430 - home: https://github.com/truecharts/apps/tree/main/charts/shiori - icon: https://github.com/go-shiori/shiori/raw/master/internal/view/res/apple-touch-icon-152x152.png - keywords: - - shiori - - bookmark - - bookmark-manager - - web-interface - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: shiori - sources: - - https://github.com/go-shiori/shiori - - https://github.com/nicholaswilde/docker-shiori - type: application - urls: - - https://github.com/truecharts/apps/releases/download/shiori-4.0.6/shiori-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -215557,39 +211030,6 @@ entries: - https://github.com/truecharts/apps/releases/download/shiori-0.0.1/shiori-0.0.1.tgz version: 0.0.1 shorturl: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-12-04T20:11:31.498271675Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Self hosted web app for shortening urls (URL shortener) - digest: e1b530966a8f82c6f584eadf85ed14280f7b40c649de17f9e50a929ee0758cb6 - home: https://github.com/truecharts/apps/tree/master/charts/stable/shorturl - keywords: - - url - - shortener - - shorten - - shorturl - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: shorturl - sources: - - https://github.com/prologic/shorturl - - https://github.com/nicholaswilde/docker-shorturl - type: application - urls: - - https://github.com/truecharts/apps/releases/download/shorturl-1.0.15/shorturl-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -215835,40 +211275,6 @@ entries: - https://github.com/truecharts/apps/releases/download/shorturl-0.0.2/shorturl-0.0.2.tgz version: 0.0.2 sickchill: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2021.5.10 - created: "2021-12-04T20:11:31.680437667Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An Automatic Video Library Manager for TV Shows - digest: 4b6b347c1db43d0d143bde07719a2c3735b3900d4760f5289b38032e9a0f824d - home: https://github.com/truecharts/apps/tree/master/charts/stable/sickchill - icon: https://github.com/SickChill/SickChill/raw/master/sickchill/gui/slick/images/ico/android-chrome-256x256.png - keywords: - - sickchill - - video - - library - - manager - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: sickchill - sources: - - https://github.com/linuxserver/docker-sickchill - - https://github.com/SickChill/SickChill - type: application - urls: - - https://github.com/truecharts/apps/releases/download/sickchill-1.0.15/sickchill-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -216122,41 +211528,6 @@ entries: - https://github.com/truecharts/apps/releases/download/sickchill-0.0.2/sickchill-0.0.2.tgz version: 0.0.2 sickgear: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.25.4 - created: "2021-12-04T20:11:31.858545926Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Provides management of TV shows and/or Anime, it detects new episodes, - links downloader apps, and more - digest: 9c2ac49f1ace46612b8c2d656ed0f862a59420a836a3d93ba8fdb81d1d78c712 - home: https://github.com/truecharts/apps/tree/master/charts/stable/sickgear - icon: https://avatars.githubusercontent.com/u/9690267?s=200&v=4 - keywords: - - sickgear - - manager - - tv - - shows - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: sickgear - sources: - - https://github.com/linuxserver/docker-sickgear - - https://github.com/SickGear/SickGear - type: application - urls: - - https://github.com/truecharts/apps/releases/download/sickgear-1.0.15/sickgear-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -216418,39 +211789,6 @@ entries: - https://github.com/truecharts/apps/releases/download/sickgear-0.0.2/sickgear-0.0.2.tgz version: 0.0.2 smokeping: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.7.3 - created: "2021-12-04T20:11:32.050749401Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Keep track of your network latency. - digest: 1cef6224c1639fce1bcd0a2e037ca0552b3543fe542ff19dd1e4e6248c6f0165 - home: https://github.com/truecharts/apps/tree/master/charts/stable/smokeping - icon: https://github.com/truecharts/apps/raw/main/images/smokeping.png - keywords: - - smokeping - - network - - latency - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: smokeping - sources: - - https://oss.oetiker.ch/smokeping/ - - https://hub.docker.com/r/linuxserver/smokeping - type: application - urls: - - https://github.com/truecharts/apps/releases/download/smokeping-1.0.17/smokeping-1.0.17.tgz - version: 1.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -216762,43 +212100,6 @@ entries: - https://github.com/truecharts/apps/releases/download/smokeping-0.0.2/smokeping-0.0.2.tgz version: 0.0.2 snipe-it: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - management - truecharts.org/grade: U - apiVersion: v2 - appVersion: 5.3.3 - created: "2021-12-04T20:11:32.268288483Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: Open source asset management - digest: 7670b1a9fddbb58b33dd5cc758e11618c507b2f8fb5d764e6454c7ffb59a1a36 - home: https://github.com/truechartsapps/tree/master/charts/stable/snipe-it - icon: https://github.com/nicholaswilde/helm-charts/raw/main/images/snipe-it.jpg - keywords: - - snipeit - - snipe - - asset - - management - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: snipe-it - sources: - - https://snipeitapp.com/ - - https://hub.docker.com/r/linuxserver/ - urls: - - https://github.com/truecharts/apps/releases/download/snipe-it-0.0.5/snipe-it-0.0.5.tgz - version: 0.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -217836,38 +213137,6 @@ entries: - https://github.com/truecharts/apps/releases/download/sogo-0.0.1/sogo-0.0.1.tgz version: 0.0.1 sonarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.0.6.1342 - created: "2021-12-04T20:11:32.473108561Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Smart PVR for newsgroup and bittorrent users - digest: 5a80b44637bccceea15b384c75d8d6e700c604a816ae7fa27e6cafbbf06b20eb - home: https://github.com/truecharts/apps/tree/master/charts/stable/sonarr - icon: https://github.com/Sonarr/Sonarr/blob/phantom-develop/Logo/512.png?raw=true - keywords: - - sonarr - - torrent - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: sonarr - sources: - - https://github.com/Sonarr/Sonarr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/sonarr-9.0.16/sonarr-9.0.16.tgz - version: 9.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -220720,38 +215989,6 @@ entries: - https://github.com/truecharts/apps/releases/download/sonarr-3.1.5/sonarr-3.1.5.tgz version: 3.1.5 speedtest-exporter: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - metrics - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.3.4 - created: "2021-12-04T20:11:32.643824459Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Speedtest Exporter made in python using the official speedtest bin - digest: 1d0456e32bfb9524811dd02327246e5cc14b9b6120523fc11f7e0c7e527a40cc - home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/speedtest-exporter - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - speedtest-exporter - - speedtest - - metrics - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: speedtest-exporter - sources: - - https://github.com/MiguelNdeCarvalho/speedtest-exporter/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/speedtest-exporter-1.0.2/speedtest-exporter-1.0.2.tgz - version: 1.0.2 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -220881,41 +216118,6 @@ entries: - https://github.com/truecharts/apps/releases/download/speedtest-exporter-0.0.1/speedtest-exporter-0.0.1.tgz version: 0.0.1 sqlitebrowser: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.12.2 - created: "2021-12-04T20:11:32.8320106Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A high quality, visual, open source tool to create, design, and edit - database files compatible with SQLite - digest: 7ffe30977b467bc8f23037ae51d0179626442cb13504ab8e56286432799d0f47 - home: https://github.com/truecharts/apps/tree/master/charts/stable/sqlitebrowser - icon: https://sqlitebrowser.org/images/sqlitebrowser.svg - keywords: - - sqlite - - browser - - sqlitebrowser - - database - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: sqlitebrowser - sources: - - https://github.com/linuxserver/docker-sqlitebrowser - - https://sqlitebrowser.org/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/sqlitebrowser-1.0.19/sqlitebrowser-1.0.19.tgz - version: 1.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -221282,36 +216484,6 @@ entries: - https://github.com/truecharts/apps/releases/download/sqlitebrowser-0.0.2/sqlitebrowser-0.0.2.tgz version: 0.0.2 stash: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.11.0 - created: "2021-12-04T20:11:33.032468242Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: An organizer for your porn, written in Go - digest: 4fbfedb7aa4cf379eb5bbeb8decb6a1e0259b594d457ff5c52eb34f66a92fa9e - home: https://github.com/truechartsapps/tree/master/charts/stable/stash - icon: https://raw.githubusercontent.com/stashapp/website/master/images/stash.svg - keywords: - - porn - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: stash - sources: - - https://github.com/stashapp/stash - - https://hub.docker.com/r/stashapp/stash - urls: - - https://github.com/truecharts/apps/releases/download/stash-4.0.15/stash-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -222863,40 +218035,6 @@ entries: - https://github.com/truecharts/apps/releases/download/stash-1.0.2/stash-1.0.2.tgz version: 1.0.2 static: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: ee8a20c - created: "2021-12-04T20:11:33.217305856Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A self-hosted static file serving app which does nothing more than - just serve up static files from a mounted volume. - digest: 099739419082639bf758f66b3cdccaa0f6e4204871993b73829d7ced743948b7 - home: https://github.com/truecharts/apps/tree/master/charts/stable/static - keywords: - - app - - web - - filesystem - - static - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: static - sources: - - https://github.com/prologic/static - - https://github.com/nicholaswilde/docker-static - type: application - urls: - - https://github.com/truecharts/apps/releases/download/static-1.0.15/static-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -223150,41 +218288,6 @@ entries: - https://github.com/truecharts/apps/releases/download/static-0.0.2/static-0.0.2.tgz version: 0.0.2 statping: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.90.74 - created: "2021-12-04T20:11:33.423326244Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Status page for monitoring your websites and applications - digest: 8c1a246b37d39bfc639aef74f1bee55e80f55fa9a409c82784f00e19655bdf04 - home: https://github.com/truecharts/apps/tree/master/charts/stable/statping - icon: https://avatars.githubusercontent.com/u/61949049?s=200&v=4 - keywords: - - statping - - status - - status-page - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: statping - sources: - - https://github.com/statping/statping - urls: - - https://github.com/truecharts/apps/releases/download/statping-4.0.6/statping-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -223526,38 +218629,6 @@ entries: - https://github.com/truecharts/apps/releases/download/statping-0.0.1/statping-0.0.1.tgz version: 0.0.1 syncthing: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.18.4 - created: "2021-12-04T20:11:33.634625675Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: P2P file synchronization application - digest: 5ba3e87136ed354bac90f13676d652bd3764cbbbf14b1bbadd120811fbb98883 - home: https://github.com/truecharts/apps/tree/master/charts/stable/syncthing - icon: https://raw.githubusercontent.com/syncthing/syncthing/main/assets/logo-128.png - keywords: - - syncthing - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: syncthing - sources: - - https://syncthing.net/ - - https://github.com/syncthing/syncthing - - https://hub.docker.com/r/syncthing/syncthing - type: application - urls: - - https://github.com/truecharts/apps/releases/download/syncthing-9.0.15/syncthing-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -226431,37 +221502,6 @@ entries: - https://github.com/truecharts/apps/releases/download/syncthing-3.1.5/syncthing-3.1.5.tgz version: 3.1.5 tautulli: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.7.7 - created: "2021-12-04T20:11:33.820025194Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A Python based monitoring and tracking tool for Plex Media Server - digest: d36122a7c77e41977f3343a71455d0a7fd08eda411d3394a920aee50b906dfa7 - home: https://github.com/truecharts/apps/tree/master/charts/stable/tautulli - icon: https://github.com/Tautulli/Tautulli/blob/master/data/interfaces/default/images/logo.png?raw=true - keywords: - - tautulli - - plex - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: tautulli - sources: - - https://github.com/Tautulli/Tautulli - type: application - urls: - - https://github.com/truecharts/apps/releases/download/tautulli-9.0.15/tautulli-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -229219,39 +224259,6 @@ entries: - https://github.com/truecharts/apps/releases/download/tautulli-3.1.5/tautulli-3.1.5.tgz version: 3.1.5 tdarr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.00.11 - created: "2021-12-04T20:11:34.007103026Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Audio/Video library transcoding automation - digest: 574d6e3bdc628f68dd5706c49e3d03f37cb730af3df6e4849abaf8795041ce99 - home: https://github.com/truecharts/apps/tree/master/charts/stable/tdarr - icon: https://avatars.githubusercontent.com/u/43864057?v=4 - keywords: - - encode - - media - - tdarr - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: tdarr - sources: - - https://github.com/HaveAGitGat/Tdarr - - https://hub.docker.com/r/haveagitgat/tdarr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/tdarr-1.0.17/tdarr-1.0.17.tgz - version: 1.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -229530,39 +224537,6 @@ entries: - https://github.com/truecharts/apps/releases/download/tdarr-0.0.1/tdarr-0.0.1.tgz version: 0.0.1 tdarr-node: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.00.11 - created: "2021-12-04T20:11:34.253683244Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Audio/Video library transcoding automation - digest: ba9f5a3196c59d7eae75ed3036084f0ab316ac3cce434692df3ab1f98cd02edb - home: https://github.com/truecharts/apps/tree/master/charts/stable/tdarr-node - icon: https://avatars.githubusercontent.com/u/43864057?v=4 - keywords: - - encode - - media - - tdarr - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: tdarr-node - sources: - - https://github.com/HaveAGitGat/Tdarr - - https://hub.docker.com/r/haveagitgat/tdarr_node - type: application - urls: - - https://github.com/truecharts/apps/releases/download/tdarr-node-1.0.17/tdarr-node-1.0.17.tgz - version: 1.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -229841,40 +224815,6 @@ entries: - https://github.com/truecharts/apps/releases/download/tdarr-node-0.0.1/tdarr-node-0.0.1.tgz version: 0.0.1 teamspeak3: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - voice - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.13.6 - created: "2021-12-04T20:11:34.433299712Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: TeamSpeak is software for quality voice communication via the Internet. - digest: ef6cb9c673e29d3d81e1c1958fb3d9b8e4f9e726881993c1e216ccce479bc83f - home: https://github.com/truecharts/apps/tree/master/charts/stable/teamspeak3 - icon: https://raw.githubusercontent.com/docker-library/docs/618191cf82de051ff6661c3c8b82cfca1b663972/teamspeak/logo.png - keywords: - - voice server - - teamspeak - - teamspeak3 - - teamspeak server - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: teamspeak3 - sources: - - https://hub.docker.com/_/teamspeak - - https://www.teamspeak.com/en/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/teamspeak3-2.0.15/teamspeak3-2.0.15.tgz - version: 2.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -230331,43 +225271,6 @@ entries: - https://github.com/truecharts/apps/releases/download/teamspeak3-0.0.1/teamspeak3-0.0.1.tgz version: 0.0.1 teedy: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "1.9" - created: "2021-12-04T20:11:34.667022423Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Teedy is an open source, lightweight document management system for - individuals and businesses. - digest: 1418e1b8f9d00dbaa93584c5a4aa0d407bf955bb826c57d698f3cea38b7f6338 - home: https://github.com/truecharts/apps/tree/master/charts/stable/teedy - icon: https://raw.githubusercontent.com/sismics/docs/v1.9/docs-web/src/main/resources/image/logo.png - keywords: - - teedy - - documents - - management - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: teedy - sources: - - https://github.com/sismics/docs - - https://github.com/truecharts/apps/tree/master/charts/teedy - urls: - - https://github.com/truecharts/apps/releases/download/teedy-4.0.6/teedy-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -231502,39 +226405,6 @@ entries: - https://github.com/truecharts/apps/releases/download/testrc2-0.0.1/testrc2-0.0.1.tgz version: 0.0.1 thelounge: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - utilities - truecharts.org/grade: U - apiVersion: v2 - appVersion: 4.3.0 - created: "2021-12-04T20:11:34.857953885Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: The Lounge, modern web IRC client designed for self-hosting - digest: c3ba860f50d4cbfac58f94db1130840af65bfd94c96ade2840a6d8d1272711b2 - home: https://github.com/truecharts/apps/tree/master/charts/stable/thelounge - icon: https://avatars.githubusercontent.com/u/14336958?s=200&v=4 - keywords: - - thelounge - - IRC - - The Lounge - - docker - - thelounge-docker - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: thelounge - sources: - - https://github.com/thelounge/thelounge - urls: - - https://github.com/truecharts/apps/releases/download/thelounge-4.0.16/thelounge-4.0.16.tgz - version: 4.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -233717,41 +228587,6 @@ entries: - https://github.com/truecharts/apps/releases/download/thelounge-1.0.0/thelounge-1.0.0.tgz version: 1.0.0 traccar: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "4.14" - created: "2021-12-04T20:11:35.081417412Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Traccar is an open source GPS tracking system. - digest: d4e5f5e2be5132046899d8ce8f38be88e5a5144db62011a06ecc314cbd05b758 - home: https://github.com/truecharts/apps/tree/master/charts/stable/traccar - icon: https://github.com/traccar/traccar-web/raw/master/web/icon.png - keywords: - - traccar - - gps - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: traccar - sources: - - https://github.com/traccar/traccar - - https://hub.docker.com/r/traccar/traccar - urls: - - https://github.com/truecharts/apps/releases/download/traccar-4.0.6/traccar-4.0.6.tgz - version: 4.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -234093,39 +228928,6 @@ entries: - https://github.com/truecharts/apps/releases/download/traccar-0.0.1/traccar-0.0.1.tgz version: 0.0.1 traefik: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - network - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.5.4 - created: "2021-12-04T20:11:35.276369406Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Test App for Traefik - digest: f52b47a902ded63d9d6047da38b8baca323d188ffcbb3a872c67e8cc354cf94e - home: https://github.com/truecharts/apps/tree/master/charts/stable/traefik - icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png - keywords: - - traefik - - ingress - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: traefik - sources: - - https://github.com/traefik/traefik - - https://github.com/traefik/traefik-helm-chart - - https://traefik.io/ - type: application - urls: - - https://github.com/truecharts/apps/releases/download/traefik-10.0.18/traefik-10.0.18.tgz - version: 10.0.18 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -238418,39 +233220,6 @@ entries: - https://github.com/truecharts/apps/releases/download/traefik-0.0.1/traefik-0.0.1.tgz version: 0.0.1 transmission: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - download-tools - truecharts.org/grade: U - apiVersion: v2 - appVersion: "3.00" - created: "2021-12-04T20:11:35.463615237Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: API Support for your favorite torrent trackers. - digest: 1145beac52049fa56ce0f1df3a09d26202b0724af474ef4edd20605f3de42f8d - home: https://github.com/truecharts/apps/tree/master/charts/stable/transmission - icon: https://upload.wikimedia.org/wikipedia/commons/6/6d/Transmission_icon.png - keywords: - - transmission - - torrent - - usenet - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: transmission - sources: - - https://github.com/transmission/transmission - - https://hub.docker.com/r/linuxserver/transmission - type: application - urls: - - https://github.com/truecharts/apps/releases/download/transmission-9.0.17/transmission-9.0.17.tgz - version: 9.0.17 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -241372,36 +236141,6 @@ entries: - https://github.com/truecharts/apps/releases/download/transmission-3.1.5/transmission-3.1.5.tgz version: 3.1.5 truecommand: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - Administration - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.0.2 - created: "2021-12-04T20:11:35.64870795Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Aggregated management of TrueNAS devices - digest: 00450c28fc61ac569982a03ed938423c3e939f1ec82da31b02b19f721da114f1 - home: https://github.com/truecharts/apps/tree/master/charts/stable/truecommand - icon: https://www.ixsystems.com/documentation/truecommand/1.2/_static/tv-logo.png - keywords: - - truecommand - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: truecommand - sources: - - https://hub.docker.com/r/ixsystems/truecommand - type: application - urls: - - https://github.com/truecharts/apps/releases/download/truecommand-9.0.15/truecommand-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -243953,40 +238692,6 @@ entries: - https://github.com/truecharts/apps/releases/download/truecommand-3.1.5/truecommand-3.1.5.tgz version: 3.1.5 tt-rss: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.9075.0 - created: "2021-12-04T20:11:35.845480559Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Tiny Tiny RSS is a free and open source web-based news feed (RSS/Atom) - reader and aggregator - digest: 698be08debc5c3e92aee3452d033f602b5a6d3c2cdd3c52ce87c5b788b1600de - home: https://github.com/truecharts/apps/tree/master/charts/stable/tt-rss - icon: https://git.tt-rss.org/fox/tt-rss/raw/branch/master/images/favicon-72px.png - keywords: - - tt-rss - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: tt-rss - sources: - - https://git.tt-rss.org/fox/tt-rss - urls: - - https://github.com/truecharts/apps/releases/download/tt-rss-4.0.11/tt-rss-4.0.11.tgz - version: 4.0.11 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -244624,39 +239329,6 @@ entries: - https://github.com/truecharts/apps/releases/download/tt-rss-0.0.1/tt-rss-0.0.1.tgz version: 0.0.1 tvheadend: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "63784405" - created: "2021-12-04T20:11:36.024208321Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: TVheadend - a TV streaming server and digital video recorder - digest: 0516f205cf6062ae10b6f68b9ae9c5aa689efb794b555d0e1e9a3e15bc4e66b4 - home: https://github.com/truecharts/apps/tree/master/charts/stable/tvheadend - icon: https://avatars.githubusercontent.com/u/1908588?s=200&v=4 - keywords: - - tvheadend - - tv - - streaming - - dvb - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: tvheadend - sources: - - https://github.com/tvheadend/tvheadend - type: application - urls: - - https://github.com/truecharts/apps/releases/download/tvheadend-10.0.15/tvheadend-10.0.15.tgz - version: 10.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -247226,41 +241898,6 @@ entries: - https://github.com/truecharts/apps/releases/download/tvheadend-4.1.5/tvheadend-4.1.5.tgz version: 4.1.5 twtxt: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.1.1 - created: "2021-12-04T20:11:36.213554869Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A Self-Hosted, Twitter™-like Decentralised microBlogging platform. - No ads, no tracking, your content, your data! - digest: a61432e120c8c651a14ada15405fe9f509e138baaa31673254a4418b3266fa5a - home: https://github.com/truecharts/apps/tree/master/charts/stable/twtxt - icon: https://twtxt.net/media/XsLsDHuisnXcL6NuUkYguK.png - keywords: - - twtxt - - blogging - - blog - - social-network - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: twtxt - sources: - - https://github.com/prologic/twtxt - - https://github.com/nicholaswilde/docker-twtxt - type: application - urls: - - https://github.com/truecharts/apps/releases/download/twtxt-1.0.15/twtxt-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -247522,38 +242159,6 @@ entries: - https://github.com/truecharts/apps/releases/download/twtxt-0.0.2/twtxt-0.0.2.tgz version: 0.0.2 unifi: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - Networking - truecharts.org/grade: U - apiVersion: v2 - appVersion: 6.5.53 - created: "2021-12-04T20:11:36.394256747Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Ubiquiti Network's Unifi Controller - digest: 60a797e5d23e9353d278f2fe63aa4d7d850372aaec5fc24a9b380df1c1b99f25 - home: https://github.com/truecharts/apps/tree/master/charts/stable/unifi - icon: https://dl.ubnt.com/press/logo-UniFi.png - keywords: - - ubiquiti - - unifi - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: unifi - sources: - - https://github.com/jacobalberty/unifi-docker - - https://unifi-network.ui.com - type: application - urls: - - https://github.com/truecharts/apps/releases/download/unifi-9.0.15/unifi-9.0.15.tgz - version: 9.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -250255,43 +244860,6 @@ entries: - https://github.com/truecharts/apps/releases/download/unifi-poller-0.0.1/unifi-poller-0.0.1.tgz version: 0.0.1 unpackerr: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.9.8 - created: "2021-12-04T20:11:36.553056945Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: This application runs as a daemon on your download host. It checks - for completed downloads and extracts them so Radarr, Lidarr, Sonarr, and Readarr - may import them - digest: 11e77b1f51b13798b1eecb40c3bc0b27e3e9ecfe63c85e58f4949869386019ae - home: https://github.com/truecharts/apps/tree/master/charts/stable/unpackrr - icon: https://raw.githubusercontent.com/wiki/davidnewhall/unpackerr/images/unpackerr-logo-text.png - keywords: - - unpackerr - - sonarr - - radarr - - lidarr - - readarr - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: unpackerr - sources: - - https://github.com/davidnewhall/unpackerr - - https://hub.docker.com/r/golift/unpackerr - type: application - urls: - - https://github.com/truecharts/apps/releases/download/unpackerr-4.0.15/unpackerr-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -252745,40 +247313,6 @@ entries: - https://github.com/truecharts/apps/releases/download/unpackerr-1.0.0/unpackerr-1.0.0.tgz version: 1.0.0 unpoller: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - metrics - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.1.3 - created: "2021-12-04T20:11:36.74570382Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Collect ALL UniFi Controller, Site, Device & Client Data - Export - to InfluxDB or Prometheus - digest: ee6d835d683cc0d91088de4152974736682a0cd05e801f7fae07f37bc364a824 - home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/unifi-poller - icon: https://raw.githubusercontent.com/wiki/unifi-poller/unifi-poller/images/unifi-poller-logo.png - keywords: - - unifi - - unifi-poller - - metrics - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: unpoller - sources: - - https://github.com/unifi-poller/unifi-poller - - https://hub.docker.com/r/golift/unifi-poller - type: application - urls: - - https://github.com/truecharts/apps/releases/download/unpoller-1.0.6/unpoller-1.0.6.tgz - version: 1.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -252882,37 +247416,6 @@ entries: - https://github.com/truecharts/apps/releases/download/unpoller-1.0.1/unpoller-1.0.1.tgz version: 1.0.1 uptime-kuma: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - monitoring - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.10.2 - created: "2021-12-04T20:11:36.928820718Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A fancy self-hosted monitoring tool - digest: e1c9589a7c900b9909364a26612bce901763f76c3fc924c7f788477ae8a66339 - home: https://github.com/louislam/uptime-kuma - icon: https://raw.githubusercontent.com/louislam/uptime-kuma/master/public/icon.png - keywords: - - monitoring - - uptime - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: uptime-kuma - sources: - - https://github.com/louislam/uptime-kuma - type: application - urls: - - https://github.com/truecharts/apps/releases/download/uptime-kuma-1.0.16/uptime-kuma-1.0.16.tgz - version: 1.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -253168,40 +247671,6 @@ entries: - https://github.com/truecharts/apps/releases/download/uptime-kuma-0.0.1/uptime-kuma-0.0.1.tgz version: 0.0.1 uptimerobot-prometheus: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - metrics - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.0.1 - created: "2021-12-04T20:11:37.109810597Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Prometheus Exporter for the official uptimerobot CLI - digest: 068376aa9de96d9e86d0aa125718b6e939c30d638114f59f5b788e30e5780f51 - home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/uptimerobot-prometheus - icon: https://cdn.foliovision.com/images/2019/03/icon-uptimerobot-1024.png - keywords: - - uptimerobot - - prometheus - - grafana - - metrics - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: uptimerobot-prometheus - sources: - - https://github.com/lekpamartin/uptimerobot_exporter - - https://github.com/k8s-at-home/charts/tree/master/charts/uptimerobot-prometheus - type: application - urls: - - https://github.com/truecharts/apps/releases/download/uptimerobot-prometheus-1.0.5/uptimerobot-prometheus-1.0.5.tgz - version: 1.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -253339,37 +247808,6 @@ entries: - https://github.com/truecharts/apps/releases/download/uptimerobot-prometheus-0.0.1/uptimerobot-prometheus-0.0.1.tgz version: 0.0.1 valheim: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: latest - created: "2021-12-04T20:11:37.315903783Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Valheim dedicated gameserver with automatic update and world backup - support - digest: ad6a221849947d44815c27f8bf98617ab1c25fedb7b04cf836411a3a17a14c27 - home: https://github.com/truecharts/apps/tree/master/charts/stable/valheim - icon: https://raw.githubusercontent.com/lloesche/valheim-server-docker/main/misc/Logo_valheim.png - keywords: - - valheim - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: valheim - sources: - - https://github.com/lloesche/valheim-server-docker - - https://hub.docker.com/r/lloesche/valheim-server - urls: - - https://github.com/truecharts/apps/releases/download/valheim-1.0.15/valheim-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -253599,45 +248037,6 @@ entries: - https://github.com/truecharts/apps/releases/download/valheim-0.0.2/valheim-0.0.2.tgz version: 0.0.2 vaultwarden: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - security - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.23.0 - created: "2021-12-04T20:11:37.539737613Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Unofficial Bitwarden compatible server written in Rust - digest: 3a81cd8776088cfdc842746869cb166b009e36c72c08eacf084a24408ace0422 - home: https://github.com/truecharts/apps/tree/master/charts/stable/vaultwarden - icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png - keywords: - - bitwarden - - bitwardenrs - - bitwarden_rs - - vaultwarden - - password - - rust - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: vaultwarden - sources: - - https://github.com/dani-garcia/vaultwarden - type: application - urls: - - https://github.com/truecharts/apps/releases/download/vaultwarden-13.0.6/vaultwarden-13.0.6.tgz - version: 13.0.6 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -259250,38 +253649,6 @@ entries: - https://github.com/truecharts/apps/releases/download/vaultwarden-1.0.0/vaultwarden-1.0.0.tgz version: 1.0.0 whoogle: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 0.6.0 - created: "2021-12-04T20:11:37.725678633Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A self-hosted, ad-free, privacy-respecting metasearch engine - digest: 4b19ae1edf21c830a9dc015f7185dff8c9ac1d29bd805d82acc5d3d91bf83c3e - home: https://github.com/truecharts/apps/tree/master/charts/stable/whoogle - icon: https://raw.githubusercontent.com/benbusby/whoogle-search/develop/docs/banner.png - keywords: - - whoogle - - search - - open source - - privacy - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: whoogle - sources: - - https://github.com/benbusby/whoogle-search - urls: - - https://github.com/truecharts/apps/releases/download/whoogle-1.0.15/whoogle-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -259519,40 +253886,6 @@ entries: - https://github.com/truecharts/apps/releases/download/whoogle-0.0.2/whoogle-0.0.2.tgz version: 0.0.2 wiki: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 900b76a - created: "2021-12-04T20:11:37.902272177Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: A self-hosted well uh wiki engine or content management system. - digest: f81ad7769a378fc892c5497f28fab9ab8de60d52d04876517fa95abceca0d9da - home: https://github.com/truecharts/apps/tree/master/charts/stable/wiki - keywords: - - wiki - - web - - blog - - cms - - app - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: wiki - sources: - - https://github.com/prologic/wiki - - https://github.com/nicholaswilde/docker-wiki - type: application - urls: - - https://github.com/truecharts/apps/releases/download/wiki-1.0.15/wiki-1.0.15.tgz - version: 1.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -259806,42 +254139,6 @@ entries: - https://github.com/truecharts/apps/releases/download/wiki-0.0.2/wiki-0.0.2.tgz version: 0.0.2 wikijs: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: "2.5" - created: "2021-12-04T20:11:38.111635689Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: postgresql.enabled - name: postgresql - repository: https://truecharts.org/ - version: 6.0.18 - description: Make documentation a joy to write using Wiki.js's beautiful and intuitive - interface! - digest: 826194ec0da4dc630bbb82d76c99bedd16112387e92bbaa4f408f522b914b9ec - home: https://github.com/truecharts/apps/tree/master/charts/stable/wikijs - icon: https://static.requarks.io/logo/wikijs-butterfly.svg - keywords: - - wiki - - wikijs - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: wikijs - sources: - - https://hub.docker.com/r/linuxserver/wikijs/ - - https://github.com/Requarks/wiki - urls: - - https://github.com/truecharts/apps/releases/download/wikijs-4.0.5/wikijs-4.0.5.tgz - version: 4.0.5 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -260193,41 +254490,6 @@ entries: - https://github.com/truecharts/apps/releases/download/wikijs-0.0.1/wikijs-0.0.1.tgz version: 0.0.1 xbackbone: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - files - truecharts.org/grade: U - apiVersion: v2 - appVersion: 3.3.3 - created: "2021-12-04T20:11:38.310759317Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - - condition: mariadb.enabled - name: mariadb - repository: https://truecharts.org/ - version: 1.0.20 - description: XBackBone is a simple, self-hosted, lightweight PHP file manager - digest: 6a7cce11ea565d0fa86fd7c10734a38e0b8b8a78e3740770dd2f49387fc676f0 - home: https://github.com/truechartsapps/tree/master/charts/stable/xbackbone - icon: https://github.com/SergiX44/XBackBone/raw/master/.github/xbackbone.png - keywords: - - xbackbone - - xshare - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: xbackbone - sources: - - https://github.com/SergiX44/XBackBone - - https://hub.docker.com/r/pe46dro/xbackbone-docker - urls: - - https://github.com/truecharts/apps/releases/download/xbackbone-0.0.4/xbackbone-0.0.4.tgz - version: 0.0.4 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -260299,39 +254561,6 @@ entries: - https://github.com/truecharts/apps/releases/download/xbackbone-0.0.1/xbackbone-0.0.1.tgz version: 0.0.1 xteve: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 2.2.0.200 - created: "2021-12-04T20:11:38.511725961Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: M3U Proxy for Plex DVR and Emby Live TV. - digest: 4b679f2b77471af2b39f2beced8ed8f51ae2a25828a0ad07f1cc3b2731d16904 - home: https://github.com/truechartsapps/tree/master/charts/stable/xteve - icon: https://raw.githubusercontent.com/xteve-project/xTeVe/master/html/img/logo_b_880x200.jpg - keywords: - - xteve - - iptv - - plex - - emby - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: xteve - sources: - - https://github.com/xteve-project/xTeVe - - https://github.com/k8s-at-home/container-images - urls: - - https://github.com/truecharts/apps/releases/download/xteve-4.0.15/xteve-4.0.15.tgz - version: 4.0.15 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -261949,38 +256178,6 @@ entries: - https://github.com/truecharts/apps/releases/download/xteve-1.0.1/xteve-1.0.1.tgz version: 1.0.1 zigbee2mqtt: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - media - truecharts.org/grade: U - apiVersion: v2 - appVersion: 1.22.1 - created: "2021-12-04T20:11:38.693806849Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Bridges events and allows you to control your Zigbee devices via - MQTT - digest: a97cc8875f67279c78b14d0913bc4f41957752b2f56166db52ad0083f4864bdd - home: https://github.com/truecharts/apps/tree/master/charts/stable/zigbee2mqtt - icon: https://www.zigbee2mqtt.io/images/logo.png - keywords: - - zigbee - - mqtt - - home-assistant - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: zigbee2mqtt - sources: - - https://github.com/Koenkk/zigbee2mqtt - urls: - - https://github.com/truecharts/apps/releases/download/zigbee2mqtt-1.0.16/zigbee2mqtt-1.0.16.tgz - version: 1.0.16 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -262250,41 +256447,6 @@ entries: - https://github.com/truecharts/apps/releases/download/zigbee2mqtt-0.0.2/zigbee2mqtt-0.0.2.tgz version: 0.0.2 zwavejs2mqtt: - - annotations: - truecharts.org/SCALE-support: "true" - truecharts.org/catagories: | - - tools - truecharts.org/grade: U - apiVersion: v2 - appVersion: 6.0.3 - created: "2021-12-04T20:11:38.883726102Z" - dependencies: - - name: common - repository: https://truecharts.org - version: 8.9.10 - description: Fully configurable Zwave to MQTT gateway and Control Panel using - NodeJS and Vue - digest: e853dabcf8d7c1012f1f5a1beca2ae3dc53829b19f3ef2a76325c292eac116e3 - home: https://github.com/truecharts/apps/tree/master/charts/stable/zwavejs2mqtt - icon: https://raw.githubusercontent.com/zwave-js/zwavejs2mqtt/master/static/logo.png - keywords: - - zwavejs2mqtt - - zwave-js - - z-wave - - zwave - kubeVersion: '>=1.16.0-0' - maintainers: - - email: info@truecharts.org - name: TrueCharts - url: https://truecharts.org - name: zwavejs2mqtt - sources: - - https://github.com/zwave-js/zwavejs2mqtt - - https://hub.docker.com/r/zwavejs/zwavejs2mqtt - type: application - urls: - - https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.19/zwavejs2mqtt-9.0.19.tgz - version: 9.0.19 - annotations: truecharts.org/SCALE-support: "true" truecharts.org/catagories: | @@ -266209,4 +260371,4 @@ entries: urls: - https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-3.1.5/zwavejs2mqtt-3.1.5.tgz version: 3.1.5 -generated: "2021-12-04T20:11:38.987556951Z" +generated: "2021-12-04T20:34:31.821077178Z"