docker.io/minio/minio:RELEASE.2023-05-27T05-56-19Z linux/amd64
docker.io/minio/minio:RELEASE.2023-05-27T05-56-19Z - Trivy安全扫描结果 扫描时间: 2024-11-25 20:27
全部漏洞信息
低危漏洞:104
中危漏洞:109
高危漏洞:23
严重漏洞:1
系统OS: redhat 8.8 扫描引擎: Trivy 扫描时间: 2024-11-25 20:27
docker.io/minio/minio:RELEASE.2023-05-27T05-56-19Z (redhat 8.8) (redhat)
低危漏洞:103
中危漏洞:80
高危漏洞:13
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| glibc | CVE-2023-4911 | 高危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: buffer overflow in ld.so leading to privilege escalation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4911 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-10-03 18:15 修改: 2024-09-17 19:46 |
| glibc | CVE-2024-2961 | 高危 | 2.28-225.el8 | 2.28-251.el8_10.1 |
glibc: Out of bounds write in iconv may lead to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15 |
| glibc | CVE-2024-33599 | 高危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: stack-based buffer overflow in netgroup cache
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| glibc-common | CVE-2023-4911 | 高危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: buffer overflow in ld.so leading to privilege escalation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4911 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-10-03 18:15 修改: 2024-09-17 19:46 |
| glibc-common | CVE-2024-2961 | 高危 | 2.28-225.el8 | 2.28-251.el8_10.1 |
glibc: Out of bounds write in iconv may lead to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15 |
| glibc-common | CVE-2024-33599 | 高危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: stack-based buffer overflow in netgroup cache
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| glibc-minimal-langpack | CVE-2023-4911 | 高危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: buffer overflow in ld.so leading to privilege escalation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4911 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-10-03 18:15 修改: 2024-09-17 19:46 |
| glibc-minimal-langpack | CVE-2024-2961 | 高危 | 2.28-225.el8 | 2.28-251.el8_10.1 |
glibc: Out of bounds write in iconv may lead to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15 |
| glibc-minimal-langpack | CVE-2024-33599 | 高危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: stack-based buffer overflow in netgroup cache
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| krb5-libs | CVE-2022-42898 | 高危 | 1.18.2-22.el8_7 | 1.18.2-25.el8_8 |
krb5: integer overflow vulnerabilities in PAC parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15 |
| krb5-libs | CVE-2024-3596 | 高危 | 1.18.2-22.el8_7 | 1.18.2-30.el8_10 |
freeradius: forgery attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-07-09 12:15 修改: 2024-07-23 09:15 |
| libnghttp2 | CVE-2023-44487 | 高危 | 1.33.0-3.el8_2.1 | 1.33.0-5.el8_8 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57 |
| pam | CVE-2024-10963 | 高危 | 1.3.1-25.el8 |
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10963 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-11-07 16:15 修改: 2024-11-11 18:15 |
|
| expat | CVE-2024-45492 | 中危 | 2.2.5-11.el8 | 2.2.5-15.el8_10 |
libexpat: integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28 |
| expat | CVE-2024-50602 | 中危 | 2.2.5-11.el8 | 2.2.5-16.el8_10 |
libexpat: expat: DoS via XML_ResumeParser
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35 |
| glib2 | CVE-2024-34397 | 中危 | 2.56.4-161.el8 |
glib2: Signal subscription vulnerabilities
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34397 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-07 18:15 修改: 2024-11-15 18:35 |
|
| glib2 | CVE-2024-52533 | 中危 | 2.56.4-161.el8 |
glib: buffer overflow in set_connect_msg()
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52533 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-11-11 23:15 修改: 2024-11-23 21:15 |
|
| curl | CVE-2023-27536 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-30.el8_8.3 |
curl: GSS delegation too eager connection re-use
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27536 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:46 |
| curl | CVE-2023-28321 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-30.el8_8.3 |
curl: IDN wildcard match may lead to Improper Cerificate Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28321 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 21:15 修改: 2023-11-07 04:10 |
| curl | CVE-2023-46218 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-33.el8_9.5 |
curl: information disclosure by exploiting a mixed case flaw
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-07 01:15 修改: 2024-01-25 14:15 |
| glibc | CVE-2023-4527 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: Stack read overflow in getaddrinfo in no-aaaa mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4527 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15 |
| glibc | CVE-2023-4806 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: potential use-after-free in getaddrinfo()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15 |
| glibc | CVE-2023-4813 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: potential use-after-free in gaih_inet()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15 |
| glibc | CVE-2024-33600 | 中危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: null pointer dereferences after failed netgroup cache insertion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| curl | CVE-2024-2398 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-34.el8_10.2 |
curl: HTTP/2 push headers memory-leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15 |
| dbus | CVE-2023-34969 | 中危 | 1:1.12.8-24.el8 | 1:1.12.8-24.el8_8.1 |
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34969 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-06-08 03:15 修改: 2023-12-27 16:36 |
| dbus-common | CVE-2023-34969 | 中危 | 1:1.12.8-24.el8 | 1:1.12.8-24.el8_8.1 |
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34969 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-06-08 03:15 修改: 2023-12-27 16:36 |
| glibc-common | CVE-2023-4527 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: Stack read overflow in getaddrinfo in no-aaaa mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4527 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15 |
| glibc-common | CVE-2023-4806 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: potential use-after-free in getaddrinfo()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15 |
| glibc-common | CVE-2023-4813 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: potential use-after-free in gaih_inet()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15 |
| glibc-common | CVE-2024-33600 | 中危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: null pointer dereferences after failed netgroup cache insertion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| dbus-daemon | CVE-2023-34969 | 中危 | 1:1.12.8-24.el8 | 1:1.12.8-24.el8_8.1 |
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34969 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-06-08 03:15 修改: 2023-12-27 16:36 |
| dbus-libs | CVE-2023-34969 | 中危 | 1:1.12.8-24.el8 | 1:1.12.8-24.el8_8.1 |
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34969 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-06-08 03:15 修改: 2023-12-27 16:36 |
| dbus-tools | CVE-2023-34969 | 中危 | 1:1.12.8-24.el8 | 1:1.12.8-24.el8_8.1 |
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34969 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-06-08 03:15 修改: 2023-12-27 16:36 |
| glibc-minimal-langpack | CVE-2023-4527 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: Stack read overflow in getaddrinfo in no-aaaa mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4527 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15 |
| glibc-minimal-langpack | CVE-2023-4806 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: potential use-after-free in getaddrinfo()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15 |
| glibc-minimal-langpack | CVE-2023-4813 | 中危 | 2.28-225.el8 | 2.28-225.el8_8.6 |
glibc: potential use-after-free in gaih_inet()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15 |
| glibc-minimal-langpack | CVE-2024-33600 | 中危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: null pointer dereferences after failed netgroup cache insertion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| gmp | CVE-2021-43618 | 中危 | 1:6.1.2-10.el8 | 1:6.1.2-11.el8 |
gmp: Integer overflow and resultant buffer overflow via crafted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43618 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2021-11-15 04:15 修改: 2023-09-29 15:15 |
| gnutls | CVE-2023-5981 | 中危 | 3.6.16-6.el8_7 | 3.6.16-8.el8_9 |
gnutls: timing side-channel in the RSA-PSK authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5981 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-11-28 12:15 修改: 2024-09-16 13:15 |
| gnutls | CVE-2024-0553 | 中危 | 3.6.16-6.el8_7 | 3.6.16-8.el8_9.1 |
gnutls: incomplete fix for CVE-2023-5981
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0553 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-01-16 12:15 修改: 2024-09-16 13:15 |
| gnutls | CVE-2024-28834 | 中危 | 3.6.16-6.el8_7 | 3.6.16-8.el8_9.3 |
gnutls: vulnerable to Minerva side-channel information leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-03-21 14:15 修改: 2024-11-21 21:15 |
| expat | CVE-2022-23990 | 中危 | 2.2.5-11.el8 |
expat: integer overflow in the doProlog function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23990 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2022-01-26 19:15 修改: 2023-11-07 03:44 |
|
| expat | CVE-2023-52425 | 中危 | 2.2.5-11.el8 | 2.2.5-11.el8_9.1 |
expat: parsing large tokens can trigger a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52425 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-02-04 20:15 修改: 2024-08-26 20:35 |
| krb5-libs | CVE-2020-17049 | 中危 | 1.18.2-22.el8_7 |
Kerberos: delegation constrain bypass in S4U2Proxy
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-17049 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2020-11-11 07:15 修改: 2024-09-10 16:15 |
|
| krb5-libs | CVE-2023-5455 | 中危 | 1.18.2-22.el8_7 |
ipa: Invalid CSRF protection
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5455 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-01-10 13:15 修改: 2024-09-16 16:15 |
|
| krb5-libs | CVE-2024-37370 | 中危 | 1.18.2-22.el8_7 | 1.18.2-29.el8_10 |
krb5: GSS message token handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48 |
| krb5-libs | CVE-2024-37371 | 中危 | 1.18.2-22.el8_7 | 1.18.2-29.el8_10 |
krb5: GSS message token handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39 |
| libcap | CVE-2023-2603 | 中危 | 2.48-4.el8 | 2.48-5.el8_8 |
libcap: Integer Overflow in _libcap_strdup()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2603 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-06-06 20:15 修改: 2024-10-10 16:32 |
| libcurl | CVE-2023-27536 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-30.el8_8.3 |
curl: GSS delegation too eager connection re-use
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27536 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:46 |
| libcurl | CVE-2023-28321 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-30.el8_8.3 |
curl: IDN wildcard match may lead to Improper Cerificate Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28321 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 21:15 修改: 2023-11-07 04:10 |
| libcurl | CVE-2023-46218 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-33.el8_9.5 |
curl: information disclosure by exploiting a mixed case flaw
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-07 01:15 修改: 2024-01-25 14:15 |
| libcurl | CVE-2024-2398 | 中危 | 7.61.1-30.el8_8.2 | 7.61.1-34.el8_10.2 |
curl: HTTP/2 push headers memory-leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15 |
| libgcrypt | CVE-2019-12904 | 中危 | 1.8.5-7.el8_6 |
Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12904 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-06-20 00:15 修改: 2024-08-05 00:15 |
|
| libgcrypt | CVE-2024-2236 | 中危 | 1.8.5-7.el8_6 |
libgcrypt: vulnerable to Marvin Attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-03-06 22:15 修改: 2024-11-12 18:15 |
|
| expat | CVE-2024-45490 | 中危 | 2.2.5-11.el8 | 2.2.5-15.el8_10 |
libexpat: Negative Length Parsing Vulnerability in libexpat
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-08-30 03:15 修改: 2024-10-18 12:24 |
| libnghttp2 | CVE-2024-28182 | 中危 | 1.33.0-3.el8_2.1 | 1.33.0-6.el8_10.1 |
nghttp2: CONTINUATION frames DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28182 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-04-04 15:15 修改: 2024-05-01 18:15 |
| libssh | CVE-2023-1667 | 中危 | 0.9.6-6.el8 | 0.9.6-10.el8_8 |
libssh: NULL pointer dereference during rekeying with algorithm guessing
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1667 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 18:15 修改: 2023-12-22 10:15 |
| libssh | CVE-2023-2283 | 中危 | 0.9.6-6.el8 | 0.9.6-10.el8_8 |
libssh: authorization bypass in pki_verify_data_signature
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2283 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 18:15 修改: 2024-02-01 17:15 |
| libssh | CVE-2023-48795 | 中危 | 0.9.6-6.el8 | 0.9.6-13.el8_9 |
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-18 16:15 修改: 2024-05-01 18:15 |
| libssh-config | CVE-2023-1667 | 中危 | 0.9.6-6.el8 | 0.9.6-10.el8_8 |
libssh: NULL pointer dereference during rekeying with algorithm guessing
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1667 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 18:15 修改: 2023-12-22 10:15 |
| libssh-config | CVE-2023-2283 | 中危 | 0.9.6-6.el8 | 0.9.6-10.el8_8 |
libssh: authorization bypass in pki_verify_data_signature
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2283 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 18:15 修改: 2024-02-01 17:15 |
| libssh-config | CVE-2023-48795 | 中危 | 0.9.6-6.el8 | 0.9.6-13.el8_9 |
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-18 16:15 修改: 2024-05-01 18:15 |
| libxml2 | CVE-2023-28484 | 中危 | 2.9.7-16.el8 | 2.9.7-16.el8_8.1 |
libxml2: NULL dereference in xmlSchemaFixupComplexType
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28484 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-04-24 21:15 修改: 2024-02-01 17:15 |
| libxml2 | CVE-2023-29469 | 中危 | 2.9.7-16.el8 | 2.9.7-16.el8_8.1 |
libxml2: Hashing of empty dict strings isn't deterministic
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29469 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-04-24 21:15 修改: 2023-06-01 14:15 |
| libxml2 | CVE-2023-39615 | 中危 | 2.9.7-16.el8 | 2.9.7-18.el8_9 |
libxml2: crafted xml can cause global buffer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39615 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-08-29 17:15 修改: 2024-08-02 19:15 |
| libxml2 | CVE-2024-25062 | 中危 | 2.9.7-16.el8 | 2.9.7-18.el8_10.1 |
libxml2: use-after-free in XMLReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25062 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-02-04 16:15 修改: 2024-02-13 00:40 |
| libyaml | CVE-2024-35325 | 中危 | 0.1.7-5.el8 |
libyaml: double-free in yaml_event_delete in /src/libyaml/src/api.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35325 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-06-13 17:15 修改: 2024-08-28 16:15 |
|
| lua-libs | CVE-2020-15945 | 中危 | 5.3.4-12.el8 |
lua: segmentation fault in changedline in ldebug.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15945 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2020-07-24 21:15 修改: 2023-04-20 18:39 |
|
| lz4-libs | CVE-2019-17543 | 中危 | 1.8.3-3.el8_4 |
lz4: heap-based buffer overflow in LZ4_write32
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17543 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-10-14 02:15 修改: 2023-11-07 03:06 |
|
| ncurses-base | CVE-2023-29491 | 中危 | 6.1-9.20180224.el8 | 6.1-9.20180224.el8_8.1 |
ncurses: Local users can trigger security-relevant memory corruption via malformed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15 |
| ncurses-libs | CVE-2023-29491 | 中危 | 6.1-9.20180224.el8 | 6.1-9.20180224.el8_8.1 |
ncurses: Local users can trigger security-relevant memory corruption via malformed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15 |
| expat | CVE-2024-45491 | 中危 | 2.2.5-11.el8 | 2.2.5-15.el8_10 |
libexpat: Integer Overflow or Wraparound
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28 |
| pam | CVE-2024-10041 | 中危 | 1.3.1-25.el8 |
pam: libpam: Libpam vulnerable to read hashed password
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-10-23 14:15 修改: 2024-11-12 21:15 |
|
| pam | CVE-2024-22365 | 中危 | 1.3.1-25.el8 | 1.3.1-33.el8 |
pam: allowing unprivileged user to block another user namespace
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27 |
| rpm | CVE-2021-35937 | 中危 | 4.14.3-26.el8 | 4.14.3-28.el8_9 |
rpm: TOCTOU race in checks for unsafe symlinks
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35937 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-25 20:15 修改: 2023-11-07 03:36 |
| rpm | CVE-2021-35938 | 中危 | 4.14.3-26.el8 | 4.14.3-28.el8_9 |
rpm: races with chown/chmod/capabilities calls during installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35938 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-25 20:15 修改: 2022-11-29 18:06 |
| rpm | CVE-2021-35939 | 中危 | 4.14.3-26.el8 | 4.14.3-28.el8_9 |
rpm: checks for unsafe symlinks are not performed for intermediary directories
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35939 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-26 16:15 修改: 2023-02-04 01:16 |
| rpm-libs | CVE-2021-35937 | 中危 | 4.14.3-26.el8 | 4.14.3-28.el8_9 |
rpm: TOCTOU race in checks for unsafe symlinks
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35937 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-25 20:15 修改: 2023-11-07 03:36 |
| rpm-libs | CVE-2021-35938 | 中危 | 4.14.3-26.el8 | 4.14.3-28.el8_9 |
rpm: races with chown/chmod/capabilities calls during installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35938 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-25 20:15 修改: 2022-11-29 18:06 |
| rpm-libs | CVE-2021-35939 | 中危 | 4.14.3-26.el8 | 4.14.3-28.el8_9 |
rpm: checks for unsafe symlinks are not performed for intermediary directories
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35939 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-26 16:15 修改: 2023-02-04 01:16 |
| sqlite-libs | CVE-2020-24736 | 中危 | 3.26.0-17.el8_7 | 3.26.0-18.el8_8 |
sqlite: Crash due to misuse of window functions.
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24736 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-04-11 18:15 修改: 2023-05-26 20:15 |
| sqlite-libs | CVE-2023-7104 | 中危 | 3.26.0-17.el8_7 | 3.26.0-19.el8_9 |
sqlite: heap-buffer-overflow at sessionfuzz
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-29 10:15 修改: 2024-05-17 02:34 |
| systemd | CVE-2018-20839 | 中危 | 239-74.el8_8 |
systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20839 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2019-05-17 04:29 修改: 2024-10-24 17:34 |
|
| systemd | CVE-2023-26604 | 中危 | 239-74.el8_8 | 239-74.el8_8.2 |
systemd: privilege escalation via the less pager
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09 |
| systemd | CVE-2023-7008 | 中危 | 239-74.el8_8 | 239-82.el8 |
systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15 |
| systemd-libs | CVE-2018-20839 | 中危 | 239-74.el8_8 |
systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20839 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-05-17 04:29 修改: 2024-10-24 17:34 |
|
| systemd-libs | CVE-2023-26604 | 中危 | 239-74.el8_8 | 239-74.el8_8.2 |
systemd: privilege escalation via the less pager
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09 |
| systemd-libs | CVE-2023-7008 | 中危 | 239-74.el8_8 | 239-82.el8 |
systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15 |
| systemd-pam | CVE-2018-20839 | 中危 | 239-74.el8_8 |
systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20839 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2019-05-17 04:29 修改: 2024-10-24 17:34 |
|
| systemd-pam | CVE-2023-26604 | 中危 | 239-74.el8_8 | 239-74.el8_8.2 |
systemd: privilege escalation via the less pager
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09 |
| systemd-pam | CVE-2023-7008 | 中危 | 239-74.el8_8 | 239-82.el8 |
systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15 |
| tar | CVE-2005-2541 | 中危 | 2:1.30-9.el8 |
tar: does not properly warn the user when extracting setuid or setgid files
漏洞详情: https://avd.aquasec.com/nvd/cve-2005-2541 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2005-08-10 04:00 修改: 2023-11-07 01:57 |
|
| libgcc | CVE-2018-20657 | 低危 | 8.5.0-18.el8 |
libiberty: Memory leak in demangle_template function resulting in a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20657 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-01-02 14:29 修改: 2019-11-06 01:15 |
|
| libgcc | CVE-2019-14250 | 低危 | 8.5.0-18.el8 |
binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14250 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-07-24 04:15 修改: 2023-03-01 18:01 |
|
| libgcc | CVE-2022-27943 | 低危 | 8.5.0-18.el8 |
binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45 |
|
| dbus-common | CVE-2020-35512 | 低危 | 1:1.12.8-24.el8 |
dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35512 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2021-02-15 17:15 修改: 2023-12-27 16:36 |
|
| curl | CVE-2023-27534 | 低危 | 7.61.1-30.el8_8.2 |
curl: SFTP path ~ resolving discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27534 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:54 |
|
| dbus-daemon | CVE-2020-35512 | 低危 | 1:1.12.8-24.el8 |
dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35512 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2021-02-15 17:15 修改: 2023-12-27 16:36 |
|
| glibc-common | CVE-2024-33601 | 低危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: netgroup cache may terminate daemon on memory allocation failure
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| glibc-common | CVE-2024-33602 | 低危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: netgroup cache assumes NSS callback uses in-buffer strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| file-libs | CVE-2019-8905 | 低危 | 5.33-24.el8 |
file: stack-based buffer over-read in do_core_note in readelf.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-8905 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-02-18 17:29 修改: 2021-12-09 19:38 |
|
| file-libs | CVE-2019-8906 | 低危 | 5.33-24.el8 |
file: out-of-bounds read in do_core_note in readelf.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-8906 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-02-18 17:29 修改: 2021-12-09 19:44 |
|
| libssh | CVE-2023-6004 | 低危 | 0.9.6-6.el8 | 0.9.6-14.el8 |
libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6004 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-01-03 17:15 修改: 2024-09-16 18:15 |
| libssh | CVE-2023-6918 | 低危 | 0.9.6-6.el8 | 0.9.6-14.el8 |
libssh: Missing checks for return values for digests
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6918 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-19 00:15 修改: 2024-09-16 18:15 |
| gawk | CVE-2023-4156 | 低危 | 4.2.1-4.el8 |
gawk: heap out of bound read in builtin.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4156 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-25 18:15 修改: 2023-11-07 04:22 |
|
| curl | CVE-2023-28322 | 低危 | 7.61.1-30.el8_8.2 | 7.61.1-33.el8_9.5 |
curl: more POST-after-PUT confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28322 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 21:15 修改: 2023-12-22 16:15 |
| dbus-libs | CVE-2020-35512 | 低危 | 1:1.12.8-24.el8 |
dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35512 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2021-02-15 17:15 修改: 2023-12-27 16:36 |
|
| libssh-config | CVE-2023-6004 | 低危 | 0.9.6-6.el8 | 0.9.6-14.el8 |
libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6004 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-01-03 17:15 修改: 2024-09-16 18:15 |
| libssh-config | CVE-2023-6918 | 低危 | 0.9.6-6.el8 | 0.9.6-14.el8 |
libssh: Missing checks for return values for digests
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6918 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-19 00:15 修改: 2024-09-16 18:15 |
| libstdc++ | CVE-2018-20657 | 低危 | 8.5.0-18.el8 |
libiberty: Memory leak in demangle_template function resulting in a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20657 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-01-02 14:29 修改: 2019-11-06 01:15 |
|
| libstdc++ | CVE-2019-14250 | 低危 | 8.5.0-18.el8 |
binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14250 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-07-24 04:15 修改: 2023-03-01 18:01 |
|
| libstdc++ | CVE-2022-27943 | 低危 | 8.5.0-18.el8 |
binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-03-26 13:15 修改: 2023-11-07 03:45 |
|
| libtasn1 | CVE-2018-1000654 | 低危 | 4.13-4.el8_7 |
libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000654 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-08-20 19:31 修改: 2023-11-07 02:51 |
|
| glib2 | CVE-2023-29499 | 低危 | 2.56.4-161.el8 |
glib: GVariant offset table entry size is not checked in is_normal()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29499 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-14 20:15 修改: 2023-11-27 14:15 |
|
| glib2 | CVE-2023-32611 | 低危 | 2.56.4-161.el8 |
glib: g_variant_byteswap() can take a long time with some non-normal inputs
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32611 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-14 20:15 修改: 2023-11-27 14:15 |
|
| glibc-minimal-langpack | CVE-2024-33601 | 低危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: netgroup cache may terminate daemon on memory allocation failure
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| glibc-minimal-langpack | CVE-2024-33602 | 低危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: netgroup cache assumes NSS callback uses in-buffer strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| libxml2 | CVE-2023-45322 | 低危 | 2.9.7-16.el8 |
libxml2: use-after-free in xmlUnlinkNode() in tree.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45322 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-10-06 22:15 修改: 2024-08-02 21:15 |
|
| libxml2 | CVE-2024-34459 | 低危 | 2.9.7-16.el8 |
libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34459 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-05-14 15:39 修改: 2024-08-22 18:35 |
|
| glib2 | CVE-2023-32636 | 低危 | 2.56.4-161.el8 |
glib: Timeout in fuzz_variant_text
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32636 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-14 20:15 修改: 2024-01-12 22:09 |
|
| libzstd | CVE-2021-24032 | 低危 | 1.4.4-1.el8 |
zstd: Race condition allows attacker to access world-readable destination file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-24032 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2021-03-04 21:15 修改: 2021-04-28 20:04 |
|
| libzstd | CVE-2022-4899 | 低危 | 1.4.4-1.el8 |
zstd: mysql: buffer overrun in util.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4899 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-31 20:15 修改: 2023-11-07 03:59 |
|
| gnupg2 | CVE-2022-3219 | 低危 | 2.2.20-3.el8_6 |
gnupg: denial of service issue (resource consumption) using compressed packets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31 |
|
| glib2 | CVE-2023-32665 | 低危 | 2.56.4-161.el8 |
glib: GVariant deserialisation does not match spec for non-normal data
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32665 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-09-14 20:15 修改: 2024-04-26 09:15 |
|
| curl | CVE-2023-38546 | 低危 | 7.61.1-30.el8_8.2 | 7.61.1-33.el8_9.5 |
curl: cookie injection with none file
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38546 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-10-18 04:15 修改: 2024-07-09 14:15 |
| ncurses-base | CVE-2018-19211 | 低危 | 6.1-9.20180224.el8 |
ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19211 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-11-12 19:29 修改: 2019-04-23 13:15 |
|
| ncurses-base | CVE-2018-19217 | 低危 | 6.1-9.20180224.el8 |
ncurses: Null pointer dereference at function _nc_name_match
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19217 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-11-12 19:29 修改: 2024-08-05 12:15 |
|
| ncurses-base | CVE-2020-19185 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19185 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:15 修改: 2023-12-13 01:15 |
|
| ncurses-base | CVE-2020-19186 | 低危 | 6.1-9.20180224.el8 |
ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19186 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:15 修改: 2023-12-13 01:15 |
|
| ncurses-base | CVE-2020-19187 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19187 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:15 修改: 2023-12-13 01:15 |
|
| ncurses-base | CVE-2020-19188 | 低危 | 6.1-9.20180224.el8 |
ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19188 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:16 修改: 2023-12-13 01:15 |
|
| ncurses-base | CVE-2020-19189 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19189 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:16 修改: 2023-12-13 01:15 |
|
| ncurses-base | CVE-2020-19190 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19190 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:16 修改: 2023-12-13 01:15 |
|
| ncurses-base | CVE-2021-39537 | 低危 | 6.1-9.20180224.el8 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15 |
|
| ncurses-base | CVE-2023-45918 | 低危 | 6.1-9.20180224.el8 |
ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15 |
|
| ncurses-base | CVE-2023-50495 | 低危 | 6.1-9.20180224.el8 |
ncurses: segmentation fault via _nc_wrap_entry()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15 |
|
| dbus-tools | CVE-2020-35512 | 低危 | 1:1.12.8-24.el8 |
dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35512 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2021-02-15 17:15 修改: 2023-12-27 16:36 |
|
| ncurses-libs | CVE-2018-19211 | 低危 | 6.1-9.20180224.el8 |
ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19211 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-11-12 19:29 修改: 2019-04-23 13:15 |
|
| ncurses-libs | CVE-2018-19217 | 低危 | 6.1-9.20180224.el8 |
ncurses: Null pointer dereference at function _nc_name_match
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19217 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-11-12 19:29 修改: 2024-08-05 12:15 |
|
| ncurses-libs | CVE-2020-19185 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19185 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:15 修改: 2023-12-13 01:15 |
|
| ncurses-libs | CVE-2020-19186 | 低危 | 6.1-9.20180224.el8 |
ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19186 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:15 修改: 2023-12-13 01:15 |
|
| ncurses-libs | CVE-2020-19187 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19187 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:15 修改: 2023-12-13 01:15 |
|
| ncurses-libs | CVE-2020-19188 | 低危 | 6.1-9.20180224.el8 |
ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19188 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:16 修改: 2023-12-13 01:15 |
|
| ncurses-libs | CVE-2020-19189 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19189 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:16 修改: 2023-12-13 01:15 |
|
| ncurses-libs | CVE-2020-19190 | 低危 | 6.1-9.20180224.el8 |
ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-19190 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-08-22 19:16 修改: 2023-12-13 01:15 |
|
| ncurses-libs | CVE-2021-39537 | 低危 | 6.1-9.20180224.el8 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15 |
|
| ncurses-libs | CVE-2023-45918 | 低危 | 6.1-9.20180224.el8 |
ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15 |
|
| ncurses-libs | CVE-2023-50495 | 低危 | 6.1-9.20180224.el8 |
ncurses: segmentation fault via _nc_wrap_entry()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15 |
|
| openldap | CVE-2023-2953 | 低危 | 2.4.46-18.el8 | 2.4.46-19.el8_10 |
openldap: null pointer dereference in ber_memalloc_x function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-30 22:15 修改: 2023-08-02 16:46 |
| openssl-libs | CVE-2023-0464 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: Denial of service by excessive resource usage in verifying X509 policy constraints
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-22 17:15 修改: 2024-06-21 19:15 |
|
| openssl-libs | CVE-2023-0465 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: Invalid certificate policies in leaf certificates are silently ignored
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-28 15:15 修改: 2024-02-04 09:15 |
|
| openssl-libs | CVE-2023-0466 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: Certificate policy check not enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0466 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-28 15:15 修改: 2024-02-04 09:15 |
|
| openssl-libs | CVE-2023-2650 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: Possible DoS translating ASN.1 object identifiers
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2650 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-30 14:15 修改: 2024-02-04 09:15 |
|
| openssl-libs | CVE-2023-3446 | 低危 | 1:1.1.1k-9.el8_7 | 1:1.1.1k-12.el8_9 |
openssl: Excessive time spent checking DH keys and parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15 |
| openssl-libs | CVE-2023-3817 | 低危 | 1:1.1.1k-9.el8_7 | 1:1.1.1k-12.el8_9 |
OpenSSL: Excessive time spent checking DH q parameter value
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15 |
| openssl-libs | CVE-2023-5678 | 低危 | 1:1.1.1k-9.el8_7 | 1:1.1.1k-12.el8_9 |
openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15 |
| openssl-libs | CVE-2024-0727 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: denial of service via null dereference
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15 |
|
| openssl-libs | CVE-2024-2511 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: Unbounded memory growth with session handling in TLSv1.3
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15 |
|
| openssl-libs | CVE-2024-41996 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41996 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-08-26 06:15 修改: 2024-08-26 16:35 |
|
| openssl-libs | CVE-2024-4741 | 低危 | 1:1.1.1k-9.el8_7 |
openssl: Use After Free with SSL_free_buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01 |
|
| openssl-libs | CVE-2024-5535 | 低危 | 1:1.1.1k-9.el8_7 | 1:1.1.1k-14.el8_6 |
openssl: SSL_select_next_proto buffer overread
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15 |
| gnutls | CVE-2021-4209 | 低危 | 3.6.16-6.el8_7 |
GnuTLS: Null pointer dereference in MD_UPDATE
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4209 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-24 16:15 修改: 2022-10-27 16:57 |
|
| elfutils-default-yama-scope | CVE-2021-33294 | 低危 | 0.188-3.el8 |
elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33294 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-07-18 14:15 修改: 2023-07-27 15:19 |
|
| elfutils-default-yama-scope | CVE-2024-25260 | 低危 | 0.188-3.el8 |
elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25260 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-02-20 18:15 修改: 2024-08-01 13:47 |
|
| pcre2 | CVE-2022-41409 | 低危 | 10.32-3.el8_6 |
pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46 |
|
| elfutils-libelf | CVE-2021-33294 | 低危 | 0.188-3.el8 |
elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33294 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-07-18 14:15 修改: 2023-07-27 15:19 |
|
| elfutils-libelf | CVE-2024-25260 | 低危 | 0.188-3.el8 |
elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25260 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-02-20 18:15 修改: 2024-08-01 13:47 |
|
| elfutils-libs | CVE-2021-33294 | 低危 | 0.188-3.el8 |
elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33294 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-07-18 14:15 修改: 2023-07-27 15:19 |
|
| glibc | CVE-2024-33601 | 低危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: netgroup cache may terminate daemon on memory allocation failure
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| krb5-libs | CVE-2024-26458 | 低危 | 1.18.2-22.el8_7 | 1.18.2-27.el8_10 |
krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09 |
| krb5-libs | CVE-2024-26461 | 低危 | 1.18.2-22.el8_7 | 1.18.2-27.el8_10 |
krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35 |
| shadow-utils | CVE-2023-4641 | 低危 | 2:4.6-17.el8 | 2:4.6-19.el8 |
shadow-utils: possible password leak during passwd(1) change
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-27 16:15 修改: 2024-05-03 16:15 |
| libarchive | CVE-2018-1000879 | 低危 | 3.3.3-5.el8 |
libarchive: NULL pointer dereference in ACL parser resulting in a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000879 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-12-20 17:29 修改: 2023-11-07 02:51 |
|
| libarchive | CVE-2018-1000880 | 低危 | 3.3.3-5.el8 |
libarchive: Improper input validation in WARC parser resulting in a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000880 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2018-12-20 17:29 修改: 2023-11-07 02:51 |
|
| sqlite-libs | CVE-2019-19244 | 低危 | 3.26.0-17.el8_7 |
sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19244 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-11-25 20:15 修改: 2022-04-15 16:12 |
|
| sqlite-libs | CVE-2019-9936 | 低危 | 3.26.0-17.el8_7 |
sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9936 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-03-22 08:29 修改: 2023-11-07 03:13 |
|
| sqlite-libs | CVE-2019-9937 | 低危 | 3.26.0-17.el8_7 |
sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9937 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-03-22 08:29 修改: 2023-11-07 03:13 |
|
| sqlite-libs | CVE-2023-36191 | 低危 | 3.26.0-17.el8_7 |
sqlite: CLI fault on missing -nonce
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36191 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-06-23 02:15 修改: 2023-11-07 04:16 |
|
| sqlite-libs | CVE-2024-0232 | 低危 | 3.26.0-17.el8_7 |
sqlite: use-after-free bug in jsonParseAddNodeArray
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0232 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-01-16 14:15 修改: 2024-09-28 04:15 |
|
| libarchive | CVE-2020-21674 | 低危 | 3.3.3-5.el8 |
libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-21674 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2020-10-15 15:15 修改: 2020-10-26 15:53 |
|
| glibc | CVE-2024-33602 | 低危 | 2.28-225.el8 | 2.28-251.el8_10.2 |
glibc: netgroup cache assumes NSS callback uses in-buffer strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15 |
| libcap | CVE-2023-2602 | 低危 | 2.48-4.el8 | 2.48-5.el8_8 |
libcap: Memory Leak on pthread_create() Error
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2602 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-06-06 20:15 修改: 2023-11-30 05:15 |
| systemd | CVE-2021-3997 | 低危 | 239-74.el8_8 |
systemd: Uncontrolled recursion in systemd-tmpfiles when removing files
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3997 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2022-08-23 20:15 修改: 2023-05-03 12:15 |
|
| elfutils-libs | CVE-2024-25260 | 低危 | 0.188-3.el8 |
elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25260 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-02-20 18:15 修改: 2024-08-01 13:47 |
|
| bzip2-libs | CVE-2019-12900 | 低危 | 1.0.6-26.el8 | 1.0.6-27.el8_10 |
bzip2: out-of-bounds write in function BZ2_decompress
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12900 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2019-06-19 23:15 修改: 2023-11-07 03:03 |
| dbus | CVE-2020-35512 | 低危 | 1:1.12.8-24.el8 |
dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35512 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2021-02-15 17:15 修改: 2023-12-27 16:36 |
|
| systemd-libs | CVE-2021-3997 | 低危 | 239-74.el8_8 |
systemd: Uncontrolled recursion in systemd-tmpfiles when removing files
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3997 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2022-08-23 20:15 修改: 2023-05-03 12:15 |
|
| ca-certificates | CVE-2023-37920 | 低危 | 2022.2.54-80.2.el8_6 | 2024.2.69_v8.0.303-80.0.el8_10 |
python-certifi: Removal of e-Tugra root certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37920 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-07-25 21:15 修改: 2023-08-12 06:16 |
| libcurl | CVE-2023-27534 | 低危 | 7.61.1-30.el8_8.2 |
curl: SFTP path ~ resolving discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27534 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:54 |
|
| libcurl | CVE-2023-28322 | 低危 | 7.61.1-30.el8_8.2 | 7.61.1-33.el8_9.5 |
curl: more POST-after-PUT confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28322 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-05-26 21:15 修改: 2023-12-22 16:15 |
| systemd-pam | CVE-2021-3997 | 低危 | 239-74.el8_8 |
systemd: Uncontrolled recursion in systemd-tmpfiles when removing files
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3997 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2022-08-23 20:15 修改: 2023-05-03 12:15 |
|
| libcurl | CVE-2023-38546 | 低危 | 7.61.1-30.el8_8.2 | 7.61.1-33.el8_9.5 |
curl: cookie injection with none file
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38546 镜像层: sha256:14946186767bc29fcb3592d96f656b4e95dc5a6736fa696729a6c6f26f061bd7 发布日期: 2023-10-18 04:15 修改: 2024-07-09 14:15 |
| tar | CVE-2019-9923 | 低危 | 2:1.30-9.el8 |
tar: null-pointer dereference in pax_decode_header in sparse.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9923 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2019-03-22 08:29 修改: 2023-11-07 03:13 |
|
| tar | CVE-2021-20193 | 低危 | 2:1.30-9.el8 |
tar: Memory leak in read_header() in list.c
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20193 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2021-03-26 17:15 修改: 2024-10-24 18:15 |
|
| tar | CVE-2023-39804 | 低危 | 2:1.30-9.el8 |
tar: Incorrectly handled extension attributes in PAX archives can lead to a crash
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39804 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-27 04:15 修改: 2024-11-12 19:35 |
opt/bin/minio (gobinary)
低危漏洞:1
中危漏洞:29
高危漏洞:10
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| stdlib | CVE-2024-24790 | 严重 | 1.19.9 | 1.21.11, 1.22.4 |
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35 |
| github.com/nats-io/nkeys | CVE-2023-46129 | 高危 | v0.4.4 | 0.4.6 |
nkeys: xkeys Seal encryption used fixed key for all encryption
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46129 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-10-31 00:15 修改: 2023-11-29 03:15 |
| golang.org/x/net | CVE-2023-39325 | 高危 | v0.10.0 | 0.17.0 |
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15 |
| google.golang.org/grpc | GHSA-m425-mq94-257g | 高危 | v1.55.0 | 1.56.3, 1.57.1, 1.58.3 |
gRPC-Go HTTP/2 Rapid Reset vulnerability
漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| github.com/coredns/coredns | CVE-2023-28452 | 高危 | v1.10.1 | 1.11.0 |
CoreDNS vulnerable to TuDoor Attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28452 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-09-18 15:15 修改: 2024-09-26 18:37 |
| stdlib | CVE-2023-29403 | 高危 | 1.19.9 | 1.19.10, 1.20.5 |
golang: runtime: unexpected behavior of setuid/setgid binaries
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-06-08 21:15 修改: 2023-11-25 11:15 |
| stdlib | CVE-2023-39325 | 高危 | 1.19.9 | 1.20.10, 1.21.3 |
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15 |
| stdlib | CVE-2023-45283 | 高危 | 1.19.9 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
The filepath package does not recognize paths with a \??\ prefix as sp ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15 |
| stdlib | CVE-2023-45287 | 高危 | 1.19.9 | 1.20.0 |
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15 |
| stdlib | CVE-2023-45288 | 高危 | 1.19.9 | 1.21.9, 1.22.2 |
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35 |
| stdlib | CVE-2024-34156 | 高危 | 1.19.9 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| golang.org/x/net | CVE-2023-3978 | 中危 | v0.10.0 | 0.13.0 |
golang.org/x/net/html: Cross site scripting
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20 |
| golang.org/x/net | CVE-2023-44487 | 中危 | v0.10.0 | 0.17.0 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57 |
| golang.org/x/net | CVE-2023-45288 | 中危 | v0.10.0 | 0.23.0 |
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35 |
| github.com/lestrrat-go/jwx | CVE-2023-49290 | 中危 | v1.2.25 | 1.2.27 |
jwx: Malicious parameters in JWE can cause denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49290 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-05 00:15 修改: 2024-03-04 22:59 |
| google.golang.org/grpc | CVE-2023-44487 | 中危 | v1.55.0 | 1.58.3, 1.57.1, 1.56.3 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57 |
| google.golang.org/protobuf | CVE-2024-24786 | 中危 | v1.30.0 | 1.33.0 |
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35 |
| gopkg.in/square/go-jose.v2 | CVE-2024-28180 | 中危 | v2.6.0 |
jose-go: improper handling of highly compressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15 |
|
| github.com/lestrrat-go/jwx | CVE-2024-21664 | 中危 | v1.2.25 | 1.2.28 |
jwx: parsing JSON serialized payload without protected field can lead to panic
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21664 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-01-09 20:15 修改: 2024-02-05 16:15 |
| github.com/lestrrat-go/jwx | CVE-2024-28122 | 中危 | v1.2.25 | 1.2.29 |
jwx: denial of service attack using compressed JWE message
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28122 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-09 01:15 修改: 2024-03-11 01:32 |
| github.com/lestrrat-go/jwx | GHSA-rm8v-mxj3-5rmq | 中危 | v1.2.25 | 1.2.26 |
github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
漏洞详情: https://github.com/advisories/GHSA-rm8v-mxj3-5rmq 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| github.com/coredns/coredns | CVE-2023-30464 | 中危 | v1.10.1 |
CoreDNS Cache Poisoning via a birthday attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30464 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-09-18 21:15 修改: 2024-09-20 12:30 |
|
| github.com/rs/cors | GHSA-mh55-gqvf-xfwm | 中危 | v1.9.0 | 1.11.0 |
Denial of service via malicious preflight requests in github.com/rs/cors
漏洞详情: https://github.com/advisories/GHSA-mh55-gqvf-xfwm 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| golang.org/x/crypto | CVE-2023-48795 | 中危 | v0.9.0 | 0.17.0 |
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-18 16:15 修改: 2024-05-01 18:15 |
| github.com/coredns/coredns | CVE-2024-0874 | 中危 | v1.10.1 | 1.11.2 |
coredns: CD bit response is cached and served later
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0874 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-04-25 17:15 修改: 2024-09-11 22:15 |
| stdlib | CVE-2023-29406 | 中危 | 1.19.9 | 1.19.11, 1.20.6 |
golang: net/http: insufficient sanitization of Host header
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15 |
| stdlib | CVE-2023-29409 | 中危 | 1.19.9 | 1.19.12, 1.20.7, 1.21.0-rc.4 |
golang: crypto/tls: slow verification of certificate chains containing large RSA keys
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15 |
| stdlib | CVE-2023-39318 | 中危 | 1.19.9 | 1.20.8, 1.21.1 |
golang: html/template: improper handling of HTML-like comments within script contexts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15 |
| stdlib | CVE-2023-39319 | 中危 | 1.19.9 | 1.20.8, 1.21.1 |
golang: html/template: improper handling of special tags within script contexts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15 |
| stdlib | CVE-2023-39326 | 中危 | 1.19.9 | 1.20.12, 1.21.5 |
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15 |
| stdlib | CVE-2023-45284 | 中危 | 1.19.9 | 1.20.11, 1.21.4 |
On Windows, The IsLocal function does not correctly detect reserved de ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35 |
| stdlib | CVE-2023-45289 | 中危 | 1.19.9 | 1.21.8, 1.22.1 |
golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35 |
| stdlib | CVE-2023-45290 | 中危 | 1.19.9 | 1.21.8, 1.22.1 |
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35 |
| stdlib | CVE-2024-24783 | 中危 | 1.19.9 | 1.21.8, 1.22.1 |
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35 |
| stdlib | CVE-2024-24784 | 中危 | 1.19.9 | 1.21.8, 1.22.1 |
golang: net/mail: comments in display names are incorrectly handled
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35 |
| stdlib | CVE-2024-24785 | 中危 | 1.19.9 | 1.21.8, 1.22.1 |
golang: html/template: errors returned from MarshalJSON methods may break template escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15 |
| stdlib | CVE-2024-24789 | 中危 | 1.19.9 | 1.21.11, 1.22.4 |
golang: archive/zip: Incorrect handling of certain ZIP files
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48 |
| stdlib | CVE-2024-24791 | 中危 | 1.19.9 | 1.21.12, 1.22.5 |
net/http: Denial of service due to improper 100-continue handling in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17 |
| stdlib | CVE-2024-34155 | 中危 | 1.19.9 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.19.9 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
| github.com/golang-jwt/jwt/v4 | CVE-2024-51744 | 低危 | v4.5.0 | 4.5.1 |
golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:37386200259e632d348da2677afde104c65c369e85c216c65de787a0decbdcf1 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04 |