docker.io/neuvector/enforcer:latest - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:1

中危漏洞:4

高危漏洞:9

严重漏洞:1

系统OS: suse linux enterprise server 15.6 扫描引擎: Trivy 扫描时间: 2025-02-08 21:59

docker.io/neuvector/enforcer:latest (suse linux enterprise server 15.6) (suse linux enterprise server)

低危漏洞:0

中危漏洞:4

高危漏洞:5

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
glib2-tools	SUSE-SU-2024:4254-1	高危	2.78.6-150600.4.3.1	2.78.6-150600.4.8.1	Security update for glib2 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgio-2_0-0	SUSE-SU-2024:4254-1	高危	2.78.6-150600.4.3.1	2.78.6-150600.4.8.1	Security update for glib2 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libglib-2_0-0	SUSE-SU-2024:4254-1	高危	2.78.6-150600.4.3.1	2.78.6-150600.4.8.1	Security update for glib2 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgmodule-2_0-0	SUSE-SU-2024:4254-1	高危	2.78.6-150600.4.3.1	2.78.6-150600.4.8.1	Security update for glib2 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgobject-2_0-0	SUSE-SU-2024:4254-1	高危	2.78.6-150600.4.3.1	2.78.6-150600.4.8.1	Security update for glib2 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4	SUSE-SU-2024:4288-1	中危	8.6.0-150600.4.12.1	8.6.0-150600.4.15.1	Security update for curl 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libexpat1	SUSE-SU-2024:4035-1	中危	2.4.4-150400.3.22.1	2.4.4-150400.3.25.1	Security update for expat 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	SUSE-SU-2024:4288-1	中危	8.6.0-150600.4.12.1	8.6.0-150600.4.15.1	Security update for curl 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
wget	SUSE-SU-2024:4145-1	中危	1.20.3-150600.19.6.2	1.20.3-150600.19.9.1	Security update for wget 漏洞详情: 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

usr/bin/yq (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.27.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

CVE-2024-45338

高危

v0.27.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:2b32d5309a740ee1cfea3b93d9ace4126f06db9cb53ec3778e13344aaa934b50

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/local/bin/agent (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.23.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:3c3bb2aa5a8fa5fa119f377f3826b52a51929c5e3424d1def186e9fdfea099d5 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

CVE-2024-45338

高危

v0.23.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:3c3bb2aa5a8fa5fa119f377f3826b52a51929c5e3424d1def186e9fdfea099d5

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

usr/local/bin/consul (gobinary)

低危漏洞:1

中危漏洞:0

高危漏洞:1

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.22.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:1e03de19fbfd9e9d2c0af4857729066d5f28d2d96bde3d3d7082c73a09c7148f 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
golang.org/x/net	CVE-2024-45338	高危	v0.24.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:1e03de19fbfd9e9d2c0af4857729066d5f28d2d96bde3d3d7082c73a09c7148f 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:1e03de19fbfd9e9d2c0af4857729066d5f28d2d96bde3d3d7082c73a09c7148f 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/crypto

CVE-2024-45337

严重

v0.22.0

0.31.0

golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:1e03de19fbfd9e9d2c0af4857729066d5f28d2d96bde3d3d7082c73a09c7148f

发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15

golang.org/x/net

CVE-2024-45338

高危

v0.24.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:1e03de19fbfd9e9d2c0af4857729066d5f28d2d96bde3d3d7082c73a09c7148f

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

github.com/golang-jwt/jwt/v4

CVE-2024-51744

低危

v4.5.0

4.5.1

golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:1e03de19fbfd9e9d2c0af4857729066d5f28d2d96bde3d3d7082c73a09c7148f

发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04

usr/local/bin/pathWalker (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/net	CVE-2024-45338	高危	v0.23.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:3c3bb2aa5a8fa5fa119f377f3826b52a51929c5e3424d1def186e9fdfea099d5 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

golang.org/x/net

CVE-2024-45338

高危

v0.23.0

0.33.0

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:3c3bb2aa5a8fa5fa119f377f3826b52a51929c5e3424d1def186e9fdfea099d5

发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16

/etc/neuvector/certs/internal/cert.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/neuvector/enforcer:latest linux/amd64

全部漏洞信息

docker.io/neuvector/enforcer:latest (suse linux enterprise server 15.6) (suse linux enterprise server)

usr/bin/yq (gobinary)

usr/local/bin/agent (gobinary)

usr/local/bin/consul (gobinary)

usr/local/bin/pathWalker (gobinary)

/etc/neuvector/certs/internal/cert.key ()