docker.io/codeyunze/db-backup-management:26.2.3 linux/amd64

docker.io/codeyunze/db-backup-management:26.2.3 - Trivy安全扫描结果扫描时间: 2026-06-22 20:35

全部漏洞信息

低危漏洞:0

中危漏洞:36

高危漏洞:61

严重漏洞:3

系统OS: alma 9.7 扫描引擎: Trivy 扫描时间: 2026-06-22 20:35

docker.io/codeyunze/db-backup-management:26.2.3 (alma 9.7) (alma)

低危漏洞:0

中危漏洞:35

高危漏洞:60

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
nginx	CVE-2026-42945	严重	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-28.el9_8.2.alma.1	nginx: NGINX: Arbitrary Code Execution Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42945 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-05-13 16:16 修改: 2026-05-21 19:16
nginx-core	CVE-2026-42945	严重	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-28.el9_8.2.alma.1	nginx: NGINX: Arbitrary Code Execution Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42945 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-05-13 16:16 修改: 2026-05-21 19:16
nginx-filesystem	CVE-2026-42945	严重	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-28.el9_8.2.alma.1	nginx: NGINX: Arbitrary Code Execution Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42945 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-05-13 16:16 修改: 2026-05-21 19:16
libarchive	CVE-2026-4111	高危	3.5.3-6.el9_6	3.5.3-7.el9_7	libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4111 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-13 19:55 修改: 2026-06-10 18:17
libarchive	CVE-2026-4424	高危	3.5.3-6.el9_6	3.5.3-9.el9_7	libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4424 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-19 15:16 修改: 2026-06-10 18:17
libarchive	CVE-2026-5121	高危	3.5.3-6.el9_6	3.5.3-9.el9_7	libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5121 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-30 08:16 修改: 2026-06-10 18:17
libcap	CVE-2026-4878	高危	2.48-10.el9	2.48-10.el9_8.1	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-09 16:16 修改: 2026-06-11 10:16
libnghttp2	CVE-2026-27135	高危	1.43.0-6.el9	1.43.0-6.el9_7.1	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-18 18:16 修改: 2026-05-13 22:16
expat	CVE-2026-45186	高危	2.5.0-5.el9_7.1	2.5.0-6.el9_8.1	libexpat: denial of service via crafted XML input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45186 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-05-10 07:16 修改: 2026-05-14 17:20
nginx	CVE-2026-27651	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27651 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-30 14:02
nginx	CVE-2026-27654	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27654 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-26 21:16
nginx	CVE-2026-27784	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27784 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-30 13:59
nginx	CVE-2026-32647	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32647 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-26 21:11
krb5-libs	CVE-2026-40355	高危	1.21.1-8.el9_6	1.21.1-10.el9_8	krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40355 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-28 06:16 修改: 2026-04-28 20:11
nginx-core	CVE-2026-27651	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27651 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-30 14:02
nginx-core	CVE-2026-27654	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27654 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-26 21:16
nginx-core	CVE-2026-27784	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27784 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-30 13:59
nginx-core	CVE-2026-32647	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32647 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-26 21:11
krb5-libs	CVE-2026-40356	高危	1.21.1-8.el9_6	1.21.1-10.el9_8	krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40356 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-28 07:16 修改: 2026-04-28 20:11
nginx-filesystem	CVE-2026-27651	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27651 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-30 14:02
nginx-filesystem	CVE-2026-27654	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27654 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-26 21:16
nginx-filesystem	CVE-2026-27784	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27784 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-30 13:59
nginx-filesystem	CVE-2026-32647	高危	2:1.20.1-24.el9_7.1.alma.1	2:1.20.1-24.el9_7.2.alma.1	nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32647 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-24 15:16 修改: 2026-03-26 21:11
openssl	CVE-2026-34180	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
openssl	CVE-2026-34181	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
openssl	CVE-2026-34182	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
openssl	CVE-2026-34183	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
openssl	CVE-2026-42764	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
openssl	CVE-2026-42766	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
openssl	CVE-2026-42767	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
openssl	CVE-2026-42768	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
openssl	CVE-2026-42769	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
openssl	CVE-2026-42770	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
openssl	CVE-2026-45445	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
openssl	CVE-2026-45446	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
openssl	CVE-2026-45447	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
openssl	CVE-2026-7383	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
openssl	CVE-2026-9076	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
openssl-libs	CVE-2026-34180	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
openssl-libs	CVE-2026-34181	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
openssl-libs	CVE-2026-34182	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
openssl-libs	CVE-2026-34183	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
openssl-libs	CVE-2026-42764	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
openssl-libs	CVE-2026-42766	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
openssl-libs	CVE-2026-42767	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
openssl-libs	CVE-2026-42768	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
openssl-libs	CVE-2026-42769	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
openssl-libs	CVE-2026-42770	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
openssl-libs	CVE-2026-45445	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
openssl-libs	CVE-2026-45446	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
openssl-libs	CVE-2026-45447	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
openssl-libs	CVE-2026-7383	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
openssl-libs	CVE-2026-9076	高危	1:3.5.1-7.el9_7	1:3.5.5-4.el9_8	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
python3	CVE-2026-4519	高危	3.9.25-3.el9_7.1	3.9.25-3.el9_7.2	python: Python: Command-line option injection in webbrowser.open() via crafted URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-20 15:16 修改: 2026-04-16 14:53
python3	CVE-2026-4786	高危	3.9.25-3.el9_7.1	3.9.25-7.el9_8	python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-04-13 22:16 修改: 2026-04-29 16:16
python3	CVE-2026-6100	高危	3.9.25-3.el9_7.1	3.9.25-7.el9_8	python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-04-13 18:16 修改: 2026-04-17 15:18
python3-libs	CVE-2026-4519	高危	3.9.25-3.el9_7.1	3.9.25-3.el9_7.2	python: Python: Command-line option injection in webbrowser.open() via crafted URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-03-20 15:16 修改: 2026-04-16 14:53
python3-libs	CVE-2026-4786	高危	3.9.25-3.el9_7.1	3.9.25-7.el9_8	python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-04-13 22:16 修改: 2026-04-29 16:16
python3-libs	CVE-2026-6100	高危	3.9.25-3.el9_7.1	3.9.25-7.el9_8	python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-04-13 18:16 修改: 2026-04-17 15:18
vim-minimal	CVE-2026-28417	高危	2:8.2.2637-23.el9_7	2:8.2.2637-23.el9_7.2	vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28417 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-02-27 22:16 修改: 2026-03-03 17:50
vim-minimal	CVE-2026-28421	高危	2:8.2.2637-23.el9_7	2:8.2.2637-23.el9_7.2	vim: Vim: Denial of service and information disclosure via crafted swap file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28421 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-02-27 22:16 修改: 2026-03-04 20:47
vim-minimal	CVE-2026-33412	高危	2:8.2.2637-23.el9_7	2:8.2.2637-23.el9_7.2	vim: Vim: Arbitrary code execution via command injection in glob() function 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33412 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-24 20:16 修改: 2026-03-25 21:59
vim-minimal	CVE-2026-34982	高危	2:8.2.2637-23.el9_7	2:8.2.2637-26.el9_8.4	vim: arbitrary command execution via modeline sandbox bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34982 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:10
glib2	CVE-2025-14512	中危	2.68.4-18.el9_7.1	2.68.4-19.el9_8.1	glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14512 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-11 07:16 修改: 2026-06-10 18:16
glibc	CVE-2025-15281	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
libblkid	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glibc	CVE-2026-0861	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
libcurl-minimal	CVE-2025-9086	中危	7.76.1-34.el9	7.76.1-35.el9_7.3	curl: libcurl: Curl out of bounds read for cookie path 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-09-12 06:15 修改: 2026-06-02 14:16
libfdisk	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
libmount	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glibc	CVE-2026-0915	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
libsmartcols	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
libuuid	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glibc-common	CVE-2025-15281	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc-common	CVE-2026-0861	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc-common	CVE-2026-0915	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
openssl-libs	CVE-2026-28390	中危	1:3.5.1-7.el9_7	1:3.5.5-3.el9_8	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl-libs	CVE-2026-31790	中危	1:3.5.1-7.el9_7	1:3.5.5-2.el9_8	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
p11-kit	CVE-2026-2100	中危	0.25.3-3.el9_5	0.26.2-1.el9	p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2100 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-26 21:17 修改: 2026-06-02 20:16
p11-kit-trust	CVE-2026-2100	中危	0.25.3-3.el9_5	0.26.2-1.el9	p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2100 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-26 21:17 修改: 2026-06-02 20:16
glibc-minimal-langpack	CVE-2025-15281	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc-minimal-langpack	CVE-2026-0861	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc-minimal-langpack	CVE-2026-0915	中危	2.34-231.el9_7.2	2.34-231.el9_7.10	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
gnutls	CVE-2025-14831	中危	3.8.3-9.el9	3.8.3-10.el9_7	gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-02-09 15:16 修改: 2026-06-10 18:16
gnutls	CVE-2025-9820	中危	3.8.3-9.el9	3.8.3-10.el9_7	gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-01-26 20:16 修改: 2026-05-12 13:17
curl-minimal	CVE-2025-9086	中危	7.76.1-34.el9	7.76.1-35.el9_7.3	curl: libcurl: Curl out of bounds read for cookie path 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-09-12 06:15 修改: 2026-06-02 14:16
systemd	CVE-2026-29111	中危	252-55.el9_7.7.alma.1	252-67.el9_8.2.alma.1	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
systemd-libs	CVE-2026-29111	中危	252-55.el9_7.7.alma.1	252-67.el9_8.2.alma.1	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
systemd-pam	CVE-2026-29111	中危	252-55.el9_7.7.alma.1	252-67.el9_8.2.alma.1	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
systemd-rpm-macros	CVE-2026-29111	中危	252-55.el9_7.7.alma.1	252-67.el9_8.2.alma.1	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
util-linux	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
util-linux-core	CVE-2025-14104	中危	2.37.4-21.el9	2.37.4-21.el9_7	util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
openssl	CVE-2026-28390	中危	1:3.5.1-7.el9_7	1:3.5.5-3.el9_8	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl	CVE-2026-31790	中危	1:3.5.1-7.el9_7	1:3.5.5-2.el9_8	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
compat-openssl11	CVE-2026-28390	中危	1:1.1.1k-5.el9_7.1	1:1.1.1k-5.el9_8.3	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:8b983400c80ec9c56a8a203d2e2347d450218fdb3b3901601b3c3a9c6a516034 发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
glib2	CVE-2025-14087	中危	2.68.4-18.el9_7.1	2.68.4-19.el9_8.1	glib: GLib: Buffer underflow in GVariant parser leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14087 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2025-12-10 09:15 修改: 2026-06-10 18:16
vim-minimal	CVE-2026-25749	中危	2:8.2.2637-23.el9_7	2:8.2.2637-23.el9_7.1	vim: Vim: Arbitrary code execution via 'helpfile' option processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25749 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-02-06 23:15 修改: 2026-06-09 18:28
vim-minimal	CVE-2026-35177	中危	2:8.2.2637-23.el9_7	2:8.2.2637-26.el9_8.5	vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35177 镜像层: sha256:89e48f469bf06603e4069e155bec9090b457bc4d95d35fcc8308ddb81d16cebc 发布日期: 2026-04-06 18:16 修改: 2026-04-20 18:28

Python (python-pkg)

低危漏洞:0

中危漏洞:1

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
cryptography	GHSA-537c-gmf6-5ccf	高危	46.0.6	48.0.1	Vulnerable OpenSSL included in cryptography wheels 漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12
cryptography	CVE-2026-39892	中危	46.0.6	46.0.7	cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39892 镜像层: sha256:060aaf6294c53c13a93d7eeab329454a74f983e4857c5027dc4b24312b90f5b6 发布日期: 2026-04-08 21:17 修改: 2026-04-15 16:12

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

cryptography

GHSA-537c-gmf6-5ccf

高危

46.0.6

48.0.1

Vulnerable OpenSSL included in cryptography wheels