docker.io/maxkeytop/maxkey-mgt:latest linux/amd64

docker.io/maxkeytop/maxkey-mgt:latest - Trivy安全扫描结果扫描时间: 2024-10-24 15:09

全部漏洞信息

低危漏洞:4

中危漏洞:10

高危漏洞:12

严重漏洞:2

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2024-10-24 15:09

docker.io/maxkeytop/maxkey-mgt:latest (alpine 3.20.3) (alpine)

低危漏洞:3

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libcrypto3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53
libssl3	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85 发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53
openssl	CVE-2024-9143	低危	3.3.2-r0	3.3.2-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:e29c7d3c65688e41696de408b3739f9815ddb7c4330339829fd0aec85f538d31 发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

libcrypto3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

libssl3

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

openssl

CVE-2024-9143

低危

3.3.2-r0

3.3.2-r1

openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:e29c7d3c65688e41696de408b3739f9815ddb7c4330339829fd0aec85f538d31

发布日期: 2024-10-16 17:15 修改: 2024-10-18 12:53

Java (jar)

低危漏洞:1

中危漏洞:10

高危漏洞:12

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
com.github.penggle:kaptcha	CVE-2018-18531	严重	2.3.2		Use of Insufficiently Random Values in penggle:kaptcha 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18531 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2018-10-19 20:29 修改: 2019-01-25 16:29
org.apache.commons:commons-text	CVE-2022-42889	严重	1.9	1.10.0	apache-commons-text: variable interpolation RCE 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42889 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2022-10-13 13:15 修改: 2024-01-19 16:15
ch.qos.logback:logback-classic	CVE-2023-6378	高危	1.3.5	1.3.12, 1.4.12, 1.2.13	logback: serialization vulnerability in logback receiver 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-11-29 12:15 修改: 2023-12-05 21:00
com.google.protobuf:protobuf-java	CVE-2024-7254	高危	3.21.11	3.25.5, 4.27.5, 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.nimbusds:nimbus-jose-jwt	CVE-2023-52428	高危	9.31	9.37.2	nimbus-jose-jwt: large JWE p2c header value causes Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2024-02-11 05:15 修改: 2024-10-16 20:01
com.thoughtworks.xstream:xstream	CVE-2022-40151	高危	1.4.19	1.4.20	xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40151 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2022-09-16 10:15 修改: 2022-09-20 18:11
com.thoughtworks.xstream:xstream	CVE-2022-41966	高危	1.4.19	1.4.20	xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41966 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2022-12-28 00:15 修改: 2023-06-27 14:04
net.minidev:json-smart	CVE-2023-1370	高危	2.4.5	2.4.9	json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1370 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-03-22 06:15 修改: 2024-06-21 19:15
org.apache.commons:commons-compress	CVE-2024-25710	高危	1.21	1.26.0	commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
ch.qos.logback:logback-core	CVE-2023-6378	高危	1.3.5	1.3.12, 1.4.12, 1.2.13	logback: serialization vulnerability in logback receiver 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-11-29 12:15 修改: 2023-12-05 21:00
org.apache.velocity:velocity	CVE-2020-13936	高危	1.7		velocity: arbitrary code execution when attacker is able to modify templates 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13936 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2021-03-10 08:15 修改: 2023-11-07 03:17
org.owasp.esapi:esapi	CVE-2022-23457	高危	2.2.0.0	2.3.0.0	ESAPI (The OWASP Enterprise Security API) is a free, open source, web ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23457 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2022-04-25 20:15 修改: 2023-02-23 18:47
org.owasp.esapi:esapi	GHSA-7c2q-5qmr-v76q	高危	2.2.0.0	2.5.2.0	DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998 漏洞详情: https://github.com/advisories/GHSA-7c2q-5qmr-v76q 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
org.owasp.esapi:esapi	GHSA-r68h-jhhj-9jvm	高危	2.2.0.0		Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year 漏洞详情: https://github.com/advisories/GHSA-r68h-jhhj-9jvm 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
com.fasterxml.woodstox:woodstox-core	CVE-2022-40152	中危	6.2.8	6.4.0, 5.4.0	woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40152 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2022-09-16 10:15 修改: 2023-02-09 01:36
org.apache.santuario:xmlsec	CVE-2023-44483	中危	2.1.7	2.3.4, 2.2.6, 3.0.3	santuario: Private Key disclosure in debug-log output 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44483 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-10-20 10:15 修改: 2023-10-27 18:49
commons-httpclient:commons-httpclient	CVE-2012-5783	中危	3.1	4.0	jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name 漏洞详情: https://avd.aquasec.com/nvd/cve-2012-5783 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2012-11-04 22:55 修改: 2021-04-23 17:28
org.bouncycastle:bcpkix-jdk18on	CVE-2023-33202	中危	1.71	1.73	bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-11-23 16:15 修改: 2024-09-09 13:53
org.bouncycastle:bcprov-ext-jdk18on	CVE-2023-33201	中危	1.71	1.74	bouncycastle: potential blind LDAP injection attack using a self-signed certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
ca.juliusdavies:not-yet-commons-ssl	CVE-2014-3604	中危	0.3.9	0.3.15	SSL: Hostname verification susceptible to MITM attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2014-3604 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2014-10-25 00:55 修改: 2018-01-05 02:29
com.google.guava:guava	CVE-2023-2976	中危	30.1-jre	32.0.0-android	guava: insecure temporary directory creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
org.apache.commons:commons-compress	CVE-2024-26308	中危	1.21	1.26.0	commons-compress: OutOfMemoryError unpacking broken Pack200 file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
org.owasp.esapi:esapi	CVE-2022-24891	中危	2.2.0.0	2.3.0.0	ESAPI (The OWASP Enterprise Security API) is a free, open source, web ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24891 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2022-04-27 21:15 修改: 2023-06-23 19:33
org.springframework:spring-context	CVE-2024-38820	中危	6.1.13	6.1.14, 6.0.25, 5.3.41	The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2024-10-18 06:15 修改: 2024-10-22 15:42
com.google.guava:guava	CVE-2020-8908	低危	30.1-jre	32.0.0-android	guava: local information disclosure via temporary directory created with unsafe permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908 镜像层: sha256:a7ad2949fdbc69654d57b44b931387422b29223d577061a6b37515f3767b8f15 发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30