docker.io/enwaiax/x-ui:latest linux/amd64

docker.io/enwaiax/x-ui:latest - Trivy安全扫描结果扫描时间: 2024-11-18 00:42

全部漏洞信息

低危漏洞:2

中危漏洞:11

高危漏洞:11

严重漏洞:0

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2024-11-18 00:42

docker.io/enwaiax/x-ui:latest (alpine 3.20.3) (alpine)

低危漏洞:2

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libcrypto3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35
libssl3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

libcrypto3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

libssl3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-11-08 16:35

usr/local/bin/bin/xray-linux-amd64 (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/bin/x-ui (gobinary)

低危漏洞:0

中危漏洞:11

高危漏洞:11

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/gin-gonic/gin	CVE-2020-28483	高危	v1.7.1	1.7.7	gin: HTTP response splitting 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28483 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2021-01-20 18:15 修改: 2021-05-11 19:14
github.com/pires/go-proxyproto	CVE-2021-23409	高危	v0.5.0	0.6.1	The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23409 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2021-07-21 07:15 修改: 2021-07-29 18:20
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210322153248-0c34fe9e7dc2	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210330230544-e57232859fb2	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210330230544-e57232859fb2	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210330230544-e57232859fb2	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210330230544-e57232859fb2	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2021-31525	中危	v0.0.0-20210330230544-e57232859fb2	0.0.0-20210428140749-89ef3d95e781	golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31525 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2021-05-27 13:15 修改: 2023-11-07 03:34
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210330230544-e57232859fb2	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210330230544-e57232859fb2	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210330230544-e57232859fb2	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210330230544-e57232859fb2	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20210511113859-b0526f3d8744	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
github.com/gin-gonic/gin	CVE-2023-26125	中危	v1.7.1	1.9.0	golang-github-gin-gonic-gin: Improper Input Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26125 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-05-04 05:15 修改: 2023-11-07 04:09
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210322153248-0c34fe9e7dc2	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-12-18 16:15 修改: 2024-05-01 18:15
github.com/gin-gonic/gin	CVE-2023-29401	中危	v1.7.1	1.9.1	golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29401 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-06-08 21:15 修改: 2023-06-16 12:45
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:e16591c4e26ff7f7cfd13c4e99b68456c693324dcb1da4417b42de3b8eab167d 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35