docker.io/sameersbn/gitlab:14.10.5 linux/amd64

docker.io/sameersbn/gitlab:14.10.5 - Trivy安全扫描结果扫描时间: 2025-02-13 10:54

全部漏洞信息

低危漏洞:209

中危漏洞:1046

高危漏洞:869

严重漏洞:84

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2025-02-13 10:54

docker.io/sameersbn/gitlab:14.10.5 (ubuntu 20.04) (ubuntu)

低危漏洞:178

中危漏洞:395

高危漏洞:4

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libksba8	CVE-2022-3515	高危	1.3.5-2	1.3.5-2ubuntu0.20.04.1	libksba: integer overflow may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3515 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2023-07-06 19:15
libnghttp2-14	CVE-2023-44487	高危	1.40.0-1build1	1.40.0-1ubuntu0.2	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
libssl1.1	CVE-2023-0286	高危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: X.400 address type confusion in X.509 GeneralName 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0286 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-02-04 09:15
openssl	CVE-2023-0286	高危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: X.400 address type confusion in X.509 GeneralName 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0286 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-02-04 09:15
curl	CVE-2023-23916	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.16	curl: HTTP multi-header compression denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23916 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-23 20:15 修改: 2024-03-27 14:54
curl	CVE-2023-27535	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: FTP too eager connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27535 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:47
curl	CVE-2023-46218	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.21	curl: information disclosure by exploiting a mixed case flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-07 01:15 修改: 2024-01-25 14:15
curl	CVE-2024-2398	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.22	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15
curl	CVE-2024-7264	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
curl	CVE-2024-8096	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-09-11 10:15 修改: 2024-09-11 16:26
dirmngr	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
fdisk	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
gnupg	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gnupg-l10n	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gnupg-utils	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gnupg2	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpg	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpg-agent	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpg-wks-client	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpg-wks-server	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpgconf	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpgsm	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
gpgv	CVE-2022-34903	中危	2.2.19-3ubuntu2.1	2.2.19-3ubuntu2.2	gpg: Signature spoofing via status line injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34903 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-07-01 22:15 修改: 2023-11-07 03:48
graphicsmagick	CVE-2020-12672	中危	1.4+really1.3.35-1	1.4+really1.3.35-1ubuntu0.1	GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12672 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2020-05-06 03:15 修改: 2022-11-14 18:49
graphicsmagick	CVE-2022-1270	中危	1.4+really1.3.35-1	1.4+really1.3.35-1ubuntu0.1	In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1270 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-09-28 20:15 修改: 2023-02-01 14:11
libasn1-8-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libasn1-8-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libasn1-8-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libasn1-8-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libasn1-8-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libasn1-8-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libasn1-8-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libblkid1	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libc-bin	CVE-2024-2961	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33599	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33600	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33601	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc-bin	CVE-2024-33602	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-2961	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33599	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33600	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33601	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libc6	CVE-2024-33602	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
libcap2	CVE-2023-2603	中危	1:2.32-1	1:2.32-1ubuntu0.1	libcap: Integer Overflow in _libcap_strdup() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2603 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-06 20:15 修改: 2024-10-10 16:32
libcap2-bin	CVE-2023-2603	中危	1:2.32-1	1:2.32-1ubuntu0.1	libcap: Integer Overflow in _libcap_strdup() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2603 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-06 20:15 修改: 2024-10-10 16:32
libcurl4	CVE-2022-32221	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.14	curl: POST following PUT confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32221 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-05 22:15 修改: 2024-03-27 15:00
libcurl4	CVE-2022-43552	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.15	curl: Use-after-free triggered by an HTTP proxy deny response 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43552 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-09 20:15 修改: 2024-10-27 15:35
libcurl4	CVE-2023-23916	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.16	curl: HTTP multi-header compression denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23916 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-23 20:15 修改: 2024-03-27 14:54
libcurl4	CVE-2023-27535	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: FTP too eager connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27535 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:47
libcurl4	CVE-2023-46218	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.21	curl: information disclosure by exploiting a mixed case flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-07 01:15 修改: 2024-01-25 14:15
libcurl4	CVE-2024-2398	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.22	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-27 08:15 修改: 2024-07-30 02:15
libcurl4	CVE-2024-7264	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.23	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-07-31 08:15 修改: 2024-10-30 20:35
libcurl4	CVE-2024-8096	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.24	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-09-11 10:15 修改: 2024-09-11 16:26
libelf1	CVE-2020-21047	中危	0.176-1.1build1	0.176-1.1ubuntu0.1	The libcpu component which is used by libasm of elfutils version 0.177 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-21047 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-22 19:16 修改: 2023-11-07 03:19
libexpat1	CVE-2022-40674	中危	2.2.9-1ubuntu0.4	2.2.9-1ubuntu0.5	expat: a use-after-free in the doContent function in xmlparse.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40674 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-09-14 11:15 修改: 2023-11-07 03:52
libexpat1	CVE-2022-43680	中危	2.2.9-1ubuntu0.4	2.2.9-1ubuntu0.6	expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43680 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-24 14:15 修改: 2024-01-21 02:08
libexpat1	CVE-2024-45490	中危	2.2.9-1ubuntu0.4	2.2.9-1ubuntu0.7	libexpat: Negative Length Parsing Vulnerability in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-30 03:15 修改: 2024-10-18 12:24
libexpat1	CVE-2024-45491	中危	2.2.9-1ubuntu0.4	2.2.9-1ubuntu0.7	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat1	CVE-2024-45492	中危	2.2.9-1ubuntu0.4	2.2.9-1ubuntu0.7	libexpat: integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-30 03:15 修改: 2024-09-04 14:28
libexpat1	CVE-2024-50602	中危	2.2.9-1ubuntu0.4	2.2.9-1ubuntu0.8	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-10-27 05:15 修改: 2024-10-30 18:35
libfdisk1	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libfreetype6	CVE-2022-27404	中危	2.10.1-2ubuntu0.1	2.10.1-2ubuntu0.2	FreeType: Buffer overflow in sfnt_init_face 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27404 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-22 14:15 修改: 2024-02-29 01:34
libfreetype6	CVE-2022-31782	中危	2.10.1-2ubuntu0.1	2.10.1-2ubuntu0.2	ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31782 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-06-02 14:15 修改: 2022-06-10 18:08
libfreetype6	CVE-2025-23022	中危	2.10.1-2ubuntu0.1		freetype: signed integer overflow in cf2_doFlex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23022 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2025-01-10 15:15 修改: 2025-01-16 21:12
libgnutls30	CVE-2022-2509	中危	3.6.13-2ubuntu1.6	3.6.13-2ubuntu1.7	gnutls: Double free during gnutls_pkcs7_verify 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2509 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-08-01 14:15 修改: 2023-11-07 03:46
libgnutls30	CVE-2023-0361	中危	3.6.13-2ubuntu1.6	3.6.13-2ubuntu1.8	gnutls: timing side-channel in the TLS RSA key exchange code 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0361 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-02-15 18:15 修改: 2023-11-07 04:00
libgnutls30	CVE-2023-5981	中危	3.6.13-2ubuntu1.6	3.6.13-2ubuntu1.9	gnutls: timing side-channel in the RSA-PSK authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5981 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-11-28 12:15 修改: 2024-09-16 13:15
libgnutls30	CVE-2024-0553	中危	3.6.13-2ubuntu1.6	3.6.13-2ubuntu1.10	gnutls: incomplete fix for CVE-2023-5981 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0553 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-01-16 12:15 修改: 2024-09-16 13:15
libgnutls30	CVE-2024-28834	中危	3.6.13-2ubuntu1.6	3.6.13-2ubuntu1.11	gnutls: vulnerable to Minerva side-channel information leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-21 14:15 修改: 2024-11-21 21:15
libgraphicsmagick-q16-3	CVE-2020-12672	中危	1.4+really1.3.35-1	1.4+really1.3.35-1ubuntu0.1	GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12672 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2020-05-06 03:15 修改: 2022-11-14 18:49
libgraphicsmagick-q16-3	CVE-2022-1270	中危	1.4+really1.3.35-1	1.4+really1.3.35-1ubuntu0.1	In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1270 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-09-28 20:15 修改: 2023-02-01 14:11
libgssapi-krb5-2	CVE-2021-36222	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36222 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-07-22 18:15 修改: 2021-11-28 23:19
libgssapi-krb5-2	CVE-2021-37750	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37750 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-08-23 05:15 修改: 2023-11-07 03:37
libgssapi-krb5-2	CVE-2022-42898	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.2	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libgssapi-krb5-2	CVE-2023-36054	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libgssapi-krb5-2	CVE-2024-26462	中危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libgssapi-krb5-2	CVE-2024-37370	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libgssapi-krb5-2	CVE-2024-37371	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libgssapi3-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libgssapi3-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libgssapi3-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libgssapi3-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libgssapi3-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libgssapi3-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libgssapi3-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libhcrypto4-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libhcrypto4-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libhcrypto4-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libhcrypto4-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libhcrypto4-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libhcrypto4-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libhcrypto4-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libheimbase1-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libheimbase1-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libheimbase1-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libheimbase1-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libheimbase1-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libheimbase1-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libheimbase1-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libheimntlm0-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libheimntlm0-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libheimntlm0-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libheimntlm0-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libheimntlm0-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libheimntlm0-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libheimntlm0-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libhx509-5-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libhx509-5-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libhx509-5-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libhx509-5-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libhx509-5-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libhx509-5-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libhx509-5-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libimage-exiftool-perl	CVE-2022-23935	中危	11.88-1ubuntu0.1		lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23935 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-01-25 06:15 修改: 2023-08-08 14:21
libjpeg-turbo8	CVE-2020-35538	中危	2.0.3-0ubuntu1.20.04.1	2.0.3-0ubuntu1.20.04.3	libjpeg-turbo: Null pointer dereference in jcopy_sample_rows() function 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35538 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-31 16:15 修改: 2022-09-20 17:39
libk5crypto3	CVE-2021-36222	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36222 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-07-22 18:15 修改: 2021-11-28 23:19
libk5crypto3	CVE-2021-37750	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37750 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-08-23 05:15 修改: 2023-11-07 03:37
libk5crypto3	CVE-2022-42898	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.2	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libk5crypto3	CVE-2023-36054	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libk5crypto3	CVE-2024-26462	中危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libk5crypto3	CVE-2024-37370	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libk5crypto3	CVE-2024-37371	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libkrb5-26-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libkrb5-26-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libkrb5-26-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libkrb5-26-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libkrb5-26-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libkrb5-26-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libkrb5-26-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libkrb5-3	CVE-2021-36222	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36222 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-07-22 18:15 修改: 2021-11-28 23:19
libkrb5-3	CVE-2021-37750	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37750 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-08-23 05:15 修改: 2023-11-07 03:37
libkrb5-3	CVE-2022-42898	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.2	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libkrb5-3	CVE-2023-36054	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libkrb5-3	CVE-2024-26462	中危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5-3	CVE-2024-37370	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libkrb5-3	CVE-2024-37371	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
libkrb5support0	CVE-2021-36222	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36222 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-07-22 18:15 修改: 2021-11-28 23:19
libkrb5support0	CVE-2021-37750	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.3	krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37750 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-08-23 05:15 修改: 2023-11-07 03:37
libkrb5support0	CVE-2022-42898	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.2	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libkrb5support0	CVE-2023-36054	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.4	krb5: Denial of service through freeing uninitialized pointer 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36054 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-07 19:15 修改: 2023-11-15 03:23
libkrb5support0	CVE-2024-26462	中危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/kdc/ndr.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-05-14 15:09
libkrb5support0	CVE-2024-37370	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 22:15 修改: 2024-08-27 17:48
libkrb5support0	CVE-2024-37371	中危	1.17-6ubuntu4.1	1.17-6ubuntu4.6	krb5: GSS message token handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-28 23:15 修改: 2024-09-18 12:39
bsdutils	CVE-2024-28085	中危	1:2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libksba8	CVE-2022-47629	中危	1.3.5-2	1.3.5-2ubuntu0.20.04.2	libksba: integer overflow to code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-47629 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-20 23:15 修改: 2023-11-07 03:56
libmount1	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libncurses5	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
libncurses6	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
libncursesw6	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
ca-certificates	CVE-2022-23491	中危	20211016~20.04.1	20211016ubuntu0.20.04.1	python-certifi: untrusted root certificates 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23491 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-07 22:15 修改: 2023-03-24 18:12
libnghttp2-14	CVE-2020-11080	中危	1.40.0-1build1	1.40.0-1ubuntu0.1	nghttp2: overly large SETTINGS frames can lead to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11080 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2020-06-03 23:15 修改: 2023-11-07 03:14
libnghttp2-14	CVE-2024-28182	中危	1.40.0-1build1	1.40.0-1ubuntu0.3	nghttp2: CONTINUATION frames DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28182 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-04-04 15:15 修改: 2024-05-01 18:15
libpam-modules	CVE-2024-10041	中危	1.3.1-5ubuntu4.3		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-modules	CVE-2024-22365	中危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libpam-modules-bin	CVE-2024-10041	中危	1.3.1-5ubuntu4.3		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-modules-bin	CVE-2024-22365	中危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libpam-runtime	CVE-2024-10041	中危	1.3.1-5ubuntu4.3		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam-runtime	CVE-2024-22365	中危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libpam0g	CVE-2024-10041	中危	1.3.1-5ubuntu4.3		pam: libpam: Libpam vulnerable to read hashed password 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-10-23 14:15 修改: 2024-12-18 10:15
libpam0g	CVE-2024-22365	中危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.7	pam: allowing unprivileged user to block another user namespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-06 08:15 修改: 2024-02-14 00:27
libperl5.30	CVE-2020-16156	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.3	perl-CPAN: Bypass of verification of signatures in CHECKSUMS files 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-16156 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-12-13 18:15 修改: 2023-11-07 03:18
libperl5.30	CVE-2023-31484	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.4	perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31484 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-29 00:15 修改: 2024-08-01 13:43
libperl5.30	CVE-2023-47038	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
libpython3.8-minimal	CVE-2022-37454	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	XKCP: buffer overflow in the SHA-3 reference implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37454 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 06:15 修改: 2023-05-03 11:15
libpython3.8-minimal	CVE-2022-45061	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	python: CPU denial of service via inefficient IDNA decoder 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45061 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-09 07:15 修改: 2023-11-07 03:54
libpython3.8-minimal	CVE-2023-24329	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.8	python: urllib.parse url blocklisting bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24329 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-17 15:15 修改: 2023-11-07 04:08
libpython3.8-minimal	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
libpython3.8-minimal	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
libpython3.8-minimal	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-minimal	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
libpython3.8-minimal	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-minimal	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.4		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.8-minimal	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
libpython3.8-minimal	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
libpython3.8-minimal	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
libpython3.8-minimal	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
libpython3.8-stdlib	CVE-2022-37454	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	XKCP: buffer overflow in the SHA-3 reference implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37454 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 06:15 修改: 2023-05-03 11:15
libpython3.8-stdlib	CVE-2022-45061	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	python: CPU denial of service via inefficient IDNA decoder 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45061 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-09 07:15 修改: 2023-11-07 03:54
libpython3.8-stdlib	CVE-2023-24329	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.8	python: urllib.parse url blocklisting bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24329 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-17 15:15 修改: 2023-11-07 04:08
libpython3.8-stdlib	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
libpython3.8-stdlib	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
libpython3.8-stdlib	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-stdlib	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
libpython3.8-stdlib	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
libpython3.8-stdlib	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.4		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
libpython3.8-stdlib	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
libpython3.8-stdlib	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
libpython3.8-stdlib	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
libpython3.8-stdlib	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
libroken18-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libroken18-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libroken18-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libroken18-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libroken18-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libroken18-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libroken18-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libsmartcols1	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libsqlite3-0	CVE-2020-35525	中危	3.31.1-4ubuntu0.3	3.31.1-4ubuntu0.4	sqlite: Null pointer derreference in src/select.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35525 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-09-01 18:15 修改: 2023-07-06 19:15
libsqlite3-0	CVE-2020-35527	中危	3.31.1-4ubuntu0.3	3.31.1-4ubuntu0.4	sqlite: Out of bounds access during table rename 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35527 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-09-01 18:15 修改: 2022-12-08 22:29
libsqlite3-0	CVE-2022-35737	中危	3.31.1-4ubuntu0.3	3.31.1-4ubuntu0.5	sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35737 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-08-03 06:15 修改: 2024-03-27 16:05
libsqlite3-0	CVE-2023-7104	中危	3.31.1-4ubuntu0.3	3.31.1-4ubuntu0.6	sqlite: heap-buffer-overflow at sessionfuzz 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-12-29 10:15 修改: 2024-05-17 02:34
libssh-4	CVE-2023-1667	中危	0.9.3-2ubuntu2.2	0.9.3-2ubuntu2.3	libssh: NULL pointer dereference during rekeying with algorithm guessing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1667 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-26 18:15 修改: 2023-12-22 10:15
libssh-4	CVE-2023-2283	中危	0.9.3-2ubuntu2.2	0.9.3-2ubuntu2.3	libssh: authorization bypass in pki_verify_data_signature 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2283 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-26 18:15 修改: 2024-02-01 17:15
libssh-4	CVE-2023-48795	中危	0.9.3-2ubuntu2.2	0.9.3-2ubuntu2.4	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
libssh-4	CVE-2023-6004	中危	0.9.3-2ubuntu2.2	0.9.3-2ubuntu2.5	libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6004 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-01-03 17:15 修改: 2024-09-16 18:15
libssh-4	CVE-2023-6918	中危	0.9.3-2ubuntu2.2	0.9.3-2ubuntu2.5	libssh: Missing checks for return values for digests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6918 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-19 00:15 修改: 2024-09-16 18:15
curl	CVE-2022-32221	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.14	curl: POST following PUT confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32221 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-05 22:15 修改: 2024-03-27 15:00
libssl1.1	CVE-2022-2097	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.16	openssl: AES OCB fails to encrypt some bytes 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2097 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-05 11:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2022-4304	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: timing attack in RSA Decryption implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4304 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-02-04 09:15
libssl1.1	CVE-2022-4450	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: double free after calling PEM_read_bio_ex 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4450 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-02-04 09:15
libssl1.1	CVE-2023-0215	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: use-after-free following BIO_new_NDEF 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0215 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2023-2650	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.19	openssl: Possible DoS translating ASN.1 object identifiers 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2650 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-05-30 14:15 修改: 2024-02-04 09:15
libsystemd0	CVE-2022-3821	中危	245.4-4ubuntu3.17	245.4-4ubuntu3.20	systemd: buffer overrun in format_timespan() function 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3821 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-08 22:15 修改: 2023-11-07 03:51
libsystemd0	CVE-2022-4415	中危	245.4-4ubuntu3.17	245.4-4ubuntu3.20	systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4415 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-11 15:15 修改: 2023-02-02 16:19
libtiff5	CVE-2022-0907	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.4	tiff: NULL Pointer Dereference in tiffcrop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0907 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-03-11 18:15 修改: 2023-11-07 03:41
libtiff5	CVE-2022-0908	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.4	tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0908 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-03-11 18:15 修改: 2023-11-07 03:41
libtiff5	CVE-2022-0909	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.4	tiff: Divide By Zero error in tiffcrop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0909 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-03-11 18:15 修改: 2023-11-07 03:41
libtiff5	CVE-2022-0924	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.4	libtiff: Out-of-bounds Read error in tiffcp 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0924 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-03-11 18:15 修改: 2023-11-07 03:41
libtiff5	CVE-2022-1354	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.5	libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1354 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-31 16:15 修改: 2023-02-23 15:50
libtiff5	CVE-2022-1355	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.5	libtiff: stack-buffer-overflow in tiffcp.c in main() 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1355 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-31 16:15 修改: 2023-02-23 15:52
libtiff5	CVE-2022-34526	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34526 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-07-29 23:15 修改: 2023-11-07 03:48
libtiff5	CVE-2022-3570	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: heap Buffer overflows in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3570 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 16:15 修改: 2023-02-23 16:02
libtiff5	CVE-2022-3598	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3598 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 16:15 修改: 2023-03-31 16:05
libtiff5	CVE-2022-3599	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3599 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 16:15 修改: 2023-02-23 16:06
libtiff5	CVE-2022-3970	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.7	libtiff: integer overflow in function TIFFReadRGBATileExt of the file 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3970 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-13 08:15 修改: 2023-11-17 19:04
libtiff5	CVE-2022-40090	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.11	libtiff: infinite loop via a crafted TIFF file 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40090 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-22 19:16 修改: 2023-08-26 02:13
libtiff5	CVE-2022-4645	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4645 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-03 16:15 修改: 2023-11-07 03:58
libtiff5	CVE-2022-48281	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-48281 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-01-23 03:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0795	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0795 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0796	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0796 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0797	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0797 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0798	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0798 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0799	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0799 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0800	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0800 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0801	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0801 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0802	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0802 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0803	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0803 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-05-30 06:16
libtiff5	CVE-2023-0804	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0804 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-13 23:15 修改: 2023-11-07 04:01
libtiff5	CVE-2023-25433	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25433 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-29 20:15 修改: 2023-08-01 02:15
libtiff5	CVE-2023-26966	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: Buffer Overflow in uv_encode() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26966 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-29 20:15 修改: 2023-08-01 02:15
libtiff5	CVE-2023-2908	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: null pointer dereference in tif_dir.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2908 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-30 22:15 修改: 2023-11-07 04:13
libtiff5	CVE-2023-30774	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30774 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-19 15:15 修改: 2024-01-09 02:51
libtiff5	CVE-2023-30775	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30775 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-19 15:15 修改: 2023-07-03 16:15
libtiff5	CVE-2023-3618	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3618 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-07-12 15:15 修改: 2024-03-23 11:15
libtiff5	CVE-2023-52356	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.12	libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52356 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-01-25 20:15 修改: 2024-09-16 20:15
libtiff5	CVE-2024-7006	中危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.14	libtiff: NULL pointer dereference in tif_dirinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7006 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-12 13:38 修改: 2024-11-06 10:15
libtinfo5	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
libtinfo6	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
libudev1	CVE-2022-3821	中危	245.4-4ubuntu3.17	245.4-4ubuntu3.20	systemd: buffer overrun in format_timespan() function 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3821 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-08 22:15 修改: 2023-11-07 03:51
libudev1	CVE-2022-4415	中危	245.4-4ubuntu3.17	245.4-4ubuntu3.20	systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4415 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-11 15:15 修改: 2023-02-02 16:19
libuuid1	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
libwebp6	CVE-2023-1999	中危	0.6.1-2ubuntu0.20.04.1	0.6.1-2ubuntu0.20.04.2	Mozilla: libwebp: Double-free in libwebp 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1999 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-20 12:15 修改: 2023-09-17 09:15
libwebp6	CVE-2023-4863	中危	0.6.1-2ubuntu0.20.04.1	0.6.1-2ubuntu0.20.04.3	libwebp: Heap buffer overflow in WebP Codec 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4863 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-09-12 15:15 修改: 2024-12-20 19:00
libwebpmux3	CVE-2023-1999	中危	0.6.1-2ubuntu0.20.04.1	0.6.1-2ubuntu0.20.04.2	Mozilla: libwebp: Double-free in libwebp 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1999 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-20 12:15 修改: 2023-09-17 09:15
libwebpmux3	CVE-2023-4863	中危	0.6.1-2ubuntu0.20.04.1	0.6.1-2ubuntu0.20.04.3	libwebp: Heap buffer overflow in WebP Codec 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4863 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-09-12 15:15 修改: 2024-12-20 19:00
libwind0-heimdal	CVE-2021-44758	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44758 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-26 05:15 修改: 2023-10-08 09:15
libwind0-heimdal	CVE-2022-3116	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3116 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-27 22:15 修改: 2023-05-05 20:15
libwind0-heimdal	CVE-2022-3437	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3437 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-01-12 15:15 修改: 2024-10-28 19:35
libwind0-heimdal	CVE-2022-41916	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.2	Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41916 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-11-15 23:15 修改: 2023-10-08 09:15
libwind0-heimdal	CVE-2022-42898	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	krb5: integer overflow vulnerabilities in PAC parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 06:15 修改: 2023-10-08 09:15
libwind0-heimdal	CVE-2022-44640	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.3	Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44640 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-12-25 05:15 修改: 2023-10-08 09:15
libwind0-heimdal	CVE-2022-45142	中危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.4	samba: fix introduced a logic inversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45142 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-06 23:15 修改: 2023-10-08 09:15
libx11-6	CVE-2023-3138	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.5	libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3138 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-28 21:15 修改: 2023-12-08 19:15
libx11-6	CVE-2023-43785	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.6	libX11: out-of-bounds memory access in _XkbReadKeySyms() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43785 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-6	CVE-2023-43786	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.6	libX11: stack exhaustion from infinite recursion in PutSubImage() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43786 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-6	CVE-2023-43787	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.6	libX11: integer overflow in XCreateImage() leading to a heap overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43787 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-data	CVE-2023-3138	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.5	libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3138 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-28 21:15 修改: 2023-12-08 19:15
libx11-data	CVE-2023-43785	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.6	libX11: out-of-bounds memory access in _XkbReadKeySyms() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43785 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-data	CVE-2023-43786	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.6	libX11: stack exhaustion from infinite recursion in PutSubImage() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43786 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libx11-data	CVE-2023-43787	中危	2:1.6.9-2ubuntu1.2	2:1.6.9-2ubuntu1.6	libX11: integer overflow in XCreateImage() leading to a heap overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43787 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxml2	CVE-2016-3709	中危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.4	libxml2: Incorrect server side include parsing can lead to XSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3709 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-07-28 17:15 修改: 2022-12-07 16:39
libxml2	CVE-2022-40303	中危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.5	libxml2: integer overflows with XML_PARSE_HUGE 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40303 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-23 00:15 修改: 2023-11-07 03:52
libxml2	CVE-2022-40304	中危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.5	libxml2: dict corruption caused by entity reference cycles 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40304 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-23 18:15 修改: 2023-11-07 03:52
libxml2	CVE-2023-28484	中危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.6	libxml2: NULL dereference in xmlSchemaFixupComplexType 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28484 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-24 21:15 修改: 2024-02-01 17:15
libxml2	CVE-2023-29469	中危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.6	libxml2: Hashing of empty dict strings isn't deterministic 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29469 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-24 21:15 修改: 2023-06-01 14:15
libxml2	CVE-2024-25062	中危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.7	libxml2: use-after-free in XMLReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25062 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-04 16:15 修改: 2024-02-13 00:40
libxpm4	CVE-2022-44617	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.1	libXpm: Runaway loop on width of 0 and enormous height 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44617 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-06 23:15 修改: 2023-11-07 03:54
libxpm4	CVE-2022-46285	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.1	libXpm: Infinite loop on unclosed comments 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46285 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-07 19:15 修改: 2023-10-17 15:55
libxpm4	CVE-2022-4883	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.1	libXpm: compression commands depend on $PATH 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4883 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-07 19:15 修改: 2023-10-17 15:55
libxpm4	CVE-2023-43786	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.2	libX11: stack exhaustion from infinite recursion in PutSubImage() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43786 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxpm4	CVE-2023-43787	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.2	libX11: integer overflow in XCreateImage() leading to a heap overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43787 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxpm4	CVE-2023-43788	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.2	libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43788 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-10 13:15 修改: 2024-09-16 15:15
libxpm4	CVE-2023-43789	中危	1:3.5.12-1	1:3.5.12-1ubuntu0.20.04.2	libXpm: out of bounds read on XPM with corrupted colormap 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43789 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-12 12:15 修改: 2024-09-16 15:15
libxslt1.1	CVE-2021-30560	中危	1.1.34-4	1.1.34-4ubuntu0.20.04.1	Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30560 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-08-03 19:15 修改: 2024-03-27 14:45
locales	CVE-2024-2961	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.15	glibc: Out of bounds write in iconv may lead to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-04-17 18:15 修改: 2024-07-22 18:15
locales	CVE-2024-33599	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: stack-based buffer overflow in netgroup cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33600	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: null pointer dereferences after failed netgroup cache insertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33601	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache may terminate daemon on memory allocation failure 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
locales	CVE-2024-33602	中危	2.31-0ubuntu9.9	2.31-0ubuntu9.16	glibc: netgroup cache assumes NSS callback uses in-buffer strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-05-06 20:15 修改: 2024-07-22 18:15
login	CVE-2024-56433	中危	1:4.8.1-1ubuntu5.20.04.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
mount	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
ncurses-base	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
ncurses-bin	CVE-2023-29491	中危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: Local users can trigger security-relevant memory corruption via malformed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-04-14 01:15 修改: 2024-01-31 03:15
openssh-client	CVE-2023-38408	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.8	openssh: Remote code execution in ssh-agent PKCS#11 support 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38408 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-07-20 03:15 修改: 2024-10-15 19:35
openssh-client	CVE-2023-48795	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.10	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
openssh-client	CVE-2023-51385	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.11	openssh: potential command injection via shell metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51385 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 19:15 修改: 2024-03-13 21:15
openssh-server	CVE-2023-38408	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.8	openssh: Remote code execution in ssh-agent PKCS#11 support 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38408 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-07-20 03:15 修改: 2024-10-15 19:35
openssh-server	CVE-2023-48795	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.10	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
openssh-server	CVE-2023-51385	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.11	openssh: potential command injection via shell metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51385 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 19:15 修改: 2024-03-13 21:15
openssh-sftp-server	CVE-2023-38408	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.8	openssh: Remote code execution in ssh-agent PKCS#11 support 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38408 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-07-20 03:15 修改: 2024-10-15 19:35
openssh-sftp-server	CVE-2023-48795	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.10	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
openssh-sftp-server	CVE-2023-51385	中危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.11	openssh: potential command injection via shell metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51385 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 19:15 修改: 2024-03-13 21:15
curl	CVE-2022-43552	中危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.15	curl: Use-after-free triggered by an HTTP proxy deny response 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43552 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-09 20:15 修改: 2024-10-27 15:35
openssl	CVE-2022-2097	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.16	openssl: AES OCB fails to encrypt some bytes 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2097 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-07-05 11:15 修改: 2024-06-21 19:15
openssl	CVE-2022-4304	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: timing attack in RSA Decryption implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4304 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-02-04 09:15
openssl	CVE-2022-4450	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: double free after calling PEM_read_bio_ex 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4450 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-02-04 09:15
openssl	CVE-2023-0215	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.17	openssl: use-after-free following BIO_new_NDEF 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0215 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-08 20:15 修改: 2024-06-21 19:15
openssl	CVE-2023-2650	中危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.19	openssl: Possible DoS translating ASN.1 object identifiers 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2650 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-05-30 14:15 修改: 2024-02-04 09:15
passwd	CVE-2024-56433	中危	1:4.8.1-1ubuntu5.20.04.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-12-26 09:15 修改: 2024-12-26 09:15
perl	CVE-2020-16156	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.3	perl-CPAN: Bypass of verification of signatures in CHECKSUMS files 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-16156 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-12-13 18:15 修改: 2023-11-07 03:18
perl	CVE-2023-31484	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.4	perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31484 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-29 00:15 修改: 2024-08-01 13:43
perl	CVE-2023-47038	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
perl-base	CVE-2020-16156	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.3	perl-CPAN: Bypass of verification of signatures in CHECKSUMS files 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-16156 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-12-13 18:15 修改: 2023-11-07 03:18
perl-base	CVE-2023-31484	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.4	perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31484 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-04-29 00:15 修改: 2024-08-01 13:43
perl-base	CVE-2023-47038	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
perl-modules-5.30	CVE-2020-16156	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.3	perl-CPAN: Bypass of verification of signatures in CHECKSUMS files 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-16156 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-12-13 18:15 修改: 2023-11-07 03:18
perl-modules-5.30	CVE-2023-31484	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.4	perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31484 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-29 00:15 修改: 2024-08-01 13:43
perl-modules-5.30	CVE-2023-47038	中危	5.30.0-9ubuntu0.2	5.30.0-9ubuntu0.5	perl: Write past buffer end via illegal user-defined Unicode property 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47038 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 14:15 修改: 2024-09-16 16:15
postgresql-12	CVE-2022-2625	中危	12.11-1.pgdg20.04+1	12.12-0ubuntu0.20.04.1	postgresql: Extension scripts replace objects not belonging to the extension. 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2625 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-18 19:15 修改: 2022-12-02 20:14
postgresql-12	CVE-2022-41862	中危	12.11-1.pgdg20.04+1	12.14-0ubuntu0.20.04.1	postgresql: Client memory disclosure when connecting with Kerberos to modified server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41862 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-03 16:15 修改: 2023-04-27 15:15
postgresql-12	CVE-2023-2454	中危	12.11-1.pgdg20.04+1	12.15-0ubuntu0.20.04.1	postgresql: schema_element defeats protective search_path changes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2454 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-09 19:15 修改: 2025-01-06 18:15
postgresql-12	CVE-2023-2455	中危	12.11-1.pgdg20.04+1	12.15-0ubuntu0.20.04.1	postgresql: row security policies disregard user ID changes after inlining. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2455 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-09 19:15 修改: 2025-01-06 18:15
postgresql-12	CVE-2023-39417	中危	12.11-1.pgdg20.04+1	12.16-0ubuntu0.20.04.1	postgresql: extension script @substitutions@ within quoting allow SQL injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39417 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-11 13:15 修改: 2024-09-09 08:15
postgresql-12	CVE-2023-5868	中危	12.11-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Memory disclosure in aggregate function calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5868 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-12	CVE-2023-5869	中危	12.11-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Buffer overrun from integer overflow in array modification 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5869 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-12	CVE-2023-5870	中危	12.11-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Role pg_signal_backend can signal certain superuser processes. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5870 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-12	CVE-2024-0985	中危	12.11-1.pgdg20.04+1	12.18-0ubuntu0.20.04.1	postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0985 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-08 13:15 修改: 2024-12-20 13:15
postgresql-12	CVE-2024-10976	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10976 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2024-11-15 13:58
postgresql-12	CVE-2024-10977	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL libpq retains an error message from man-in-the-middle 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10977 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2024-11-15 13:58
postgresql-12	CVE-2024-10978	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10978 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2024-11-21 22:15
postgresql-12	CVE-2024-10979	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10979 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2025-01-10 13:15
postgresql-12	CVE-2024-7348	中危	12.11-1.pgdg20.04+1	12.20-0ubuntu0.20.04.1	postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7348 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-08 13:15 修改: 2024-08-12 15:54
postgresql-client-12	CVE-2022-2625	中危	12.11-1.pgdg20.04+1	12.12-0ubuntu0.20.04.1	postgresql: Extension scripts replace objects not belonging to the extension. 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2625 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-18 19:15 修改: 2022-12-02 20:14
postgresql-client-12	CVE-2022-41862	中危	12.11-1.pgdg20.04+1	12.14-0ubuntu0.20.04.1	postgresql: Client memory disclosure when connecting with Kerberos to modified server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41862 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-03 16:15 修改: 2023-04-27 15:15
postgresql-client-12	CVE-2023-2454	中危	12.11-1.pgdg20.04+1	12.15-0ubuntu0.20.04.1	postgresql: schema_element defeats protective search_path changes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2454 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-09 19:15 修改: 2025-01-06 18:15
postgresql-client-12	CVE-2023-2455	中危	12.11-1.pgdg20.04+1	12.15-0ubuntu0.20.04.1	postgresql: row security policies disregard user ID changes after inlining. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2455 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-09 19:15 修改: 2025-01-06 18:15
postgresql-client-12	CVE-2023-39417	中危	12.11-1.pgdg20.04+1	12.16-0ubuntu0.20.04.1	postgresql: extension script @substitutions@ within quoting allow SQL injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39417 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-11 13:15 修改: 2024-09-09 08:15
postgresql-client-12	CVE-2023-5868	中危	12.11-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Memory disclosure in aggregate function calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5868 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-client-12	CVE-2023-5869	中危	12.11-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Buffer overrun from integer overflow in array modification 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5869 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-client-12	CVE-2023-5870	中危	12.11-1.pgdg20.04+1	12.17-0ubuntu0.20.04.1	postgresql: Role pg_signal_backend can signal certain superuser processes. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5870 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-10 18:15 修改: 2024-09-14 00:15
postgresql-client-12	CVE-2024-0985	中危	12.11-1.pgdg20.04+1	12.18-0ubuntu0.20.04.1	postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0985 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-08 13:15 修改: 2024-12-20 13:15
postgresql-client-12	CVE-2024-10976	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10976 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2024-11-15 13:58
postgresql-client-12	CVE-2024-10977	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL libpq retains an error message from man-in-the-middle 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10977 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2024-11-15 13:58
postgresql-client-12	CVE-2024-10978	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10978 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2024-11-21 22:15
postgresql-client-12	CVE-2024-10979	中危	12.11-1.pgdg20.04+1	12.22-0ubuntu0.20.04.1	postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10979 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-14 13:15 修改: 2025-01-10 13:15
postgresql-client-12	CVE-2024-7348	中危	12.11-1.pgdg20.04+1	12.20-0ubuntu0.20.04.1	postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7348 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-08 13:15 修改: 2024-08-12 15:54
python3-pkg-resources	CVE-2022-40897	中危	45.2.0-1	45.2.0-1ubuntu0.1	pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-12-23 00:15 修改: 2024-10-29 15:35
python3-pkg-resources	CVE-2024-6345	中危	45.2.0-1	45.2.0-1ubuntu0.2	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
python3.8	CVE-2022-37454	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	XKCP: buffer overflow in the SHA-3 reference implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37454 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 06:15 修改: 2023-05-03 11:15
python3.8	CVE-2022-45061	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	python: CPU denial of service via inefficient IDNA decoder 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45061 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-09 07:15 修改: 2023-11-07 03:54
python3.8	CVE-2023-24329	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.8	python: urllib.parse url blocklisting bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24329 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-17 15:15 修改: 2023-11-07 04:08
python3.8	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
python3.8	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
python3.8	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3.8	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.4		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
python3.8	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
python3.8	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
python3.8	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
python3.8	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
python3.8-minimal	CVE-2022-37454	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	XKCP: buffer overflow in the SHA-3 reference implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37454 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-10-21 06:15 修改: 2023-05-03 11:15
python3.8-minimal	CVE-2022-45061	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.6	python: CPU denial of service via inefficient IDNA decoder 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45061 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-11-09 07:15 修改: 2023-11-07 03:54
python3.8-minimal	CVE-2023-24329	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.8	python: urllib.parse url blocklisting bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24329 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-02-17 15:15 修改: 2023-11-07 04:08
python3.8-minimal	CVE-2023-27043	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-19 00:15 修改: 2024-02-26 16:27
python3.8-minimal	CVE-2023-40217	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.9	python: TLS handshake bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40217 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-08-25 01:15 修改: 2023-11-07 04:20
python3.8-minimal	CVE-2023-6597	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: Path traversal on tempfile.TemporaryDirectory 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8-minimal	CVE-2024-0397	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	cpython: python: Memory race condition in ssl.SSLContext certificate store methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0397 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 16:15 修改: 2024-07-03 01:44
python3.8-minimal	CVE-2024-0450	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.10	python: The zipfile module is vulnerable to zip-bombs leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-03-19 16:15 修改: 2024-06-10 18:15
python3.8-minimal	CVE-2024-11168	中危	3.8.10-0ubuntu1~20.04.4		python: Improper validation of IPv6 and IPvFuture addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-11-12 22:15 修改: 2025-01-06 18:15
python3.8-minimal	CVE-2024-6232	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-09-03 13:15 修改: 2024-09-04 21:15
python3.8-minimal	CVE-2024-6923	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-01 14:15 修改: 2025-01-11 15:15
python3.8-minimal	CVE-2024-8088	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-22 19:15 修改: 2024-09-04 23:15
python3.8-minimal	CVE-2024-9287	中危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.13	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-10-22 17:15 修改: 2024-11-04 18:15
redis-tools	CVE-2020-14147	中危	5:5.0.7-2ubuntu0.1		redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14147 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2020-06-15 18:15 修改: 2021-07-30 13:59
redis-tools	CVE-2021-32626	中危	5:5.0.7-2ubuntu0.1		redis: Lua scripts can overflow the heap-based Lua stack 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32626 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32627	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with Streams 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32627 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32628	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow bug in the ziplist data structure 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32628 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32672	中危	5:5.0.7-2ubuntu0.1		redis: Out of bounds read in lua debugger protocol parser 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32672 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32675	中危	5:5.0.7-2ubuntu0.1		redis: Denial of service via Redis Standard Protocol (RESP) request 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32675 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-32687	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with intsets 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32687 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:35
redis-tools	CVE-2021-41099	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow issue with strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41099 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-10-04 18:15 修改: 2023-11-07 03:38
redis-tools	CVE-2022-24736	中危	5:5.0.7-2ubuntu0.1		redis: Malformed Lua script can crash Redis 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24736 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-27 20:15 修改: 2023-11-07 03:44
redis-tools	CVE-2022-24834	中危	5:5.0.7-2ubuntu0.1		redis: heap overflow in the lua cjson and cmsgpack libraries 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24834 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-07-13 15:15 修改: 2023-08-14 19:15
redis-tools	CVE-2022-35977	中危	5:5.0.7-2ubuntu0.1		redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35977 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-01-20 19:15 修改: 2023-02-02 14:28
redis-tools	CVE-2022-36021	中危	5:5.0.7-2ubuntu0.1		redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36021 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-01 16:15 修改: 2023-11-07 03:49
redis-tools	CVE-2023-25155	中危	5:5.0.7-2ubuntu0.1		redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25155 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-02 04:15 修改: 2023-03-10 05:02
redis-tools	CVE-2023-28856	中危	5:5.0.7-2ubuntu0.1		redis: Insufficient validation of HINCRBYFLOAT command 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28856 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-18 21:15 修改: 2023-06-01 14:15
redis-tools	CVE-2023-45145	中危	5:5.0.7-2ubuntu0.1		redis: possible bypass of Unix socket permissions on startup 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45145 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-18 21:15 修改: 2024-01-21 02:30
sudo	CVE-2023-22809	中危	1.8.31-1ubuntu1.2	1.8.31-1ubuntu1.4	sudo: arbitrary file write with privileges of the RunAs user 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22809 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-01-18 17:15 修改: 2023-11-17 19:32
sudo	CVE-2023-28486	中危	1.8.31-1ubuntu1.2	1.8.31-1ubuntu1.5	sudo: Sudo does not escape control characters in log messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28486 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-16 01:15 修改: 2024-02-03 11:15
sudo	CVE-2023-28487	中危	1.8.31-1ubuntu1.2	1.8.31-1ubuntu1.5	sudo: Sudo does not escape control characters in sudoreplay output 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28487 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-16 01:15 修改: 2024-02-03 11:15
tar	CVE-2022-48303	中危	1.30+dfsg-7ubuntu0.20.04.2	1.30+dfsg-7ubuntu0.20.04.3	tar: heap buffer overflow at from_header() in list.c via specially crafted checksum 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-48303 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-01-30 04:15 修改: 2023-05-30 17:16
tar	CVE-2023-39804	中危	1.30+dfsg-7ubuntu0.20.04.2	1.30+dfsg-7ubuntu0.20.04.4	tar: Incorrectly handled extension attributes in PAX archives can lead to a crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39804 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 04:15 修改: 2024-11-12 19:35
unzip	CVE-2022-0529	中危	6.0-25ubuntu1	6.0-25ubuntu1.1	unzip: Heap out-of-bound writes and reads during conversion of wide string to local string 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0529 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-02-09 23:15 修改: 2023-11-09 20:55
util-linux	CVE-2024-28085	中危	2.34-0.1ubuntu9.3	2.34-0.1ubuntu9.5	util-linux: CVE-2024-28085: wall: escape sequence injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-27 19:15 修改: 2024-08-26 21:35
wget	CVE-2021-31879	中危	1.20.3-1ubuntu2		wget: authorization header disclosure on redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-04-29 05:15 修改: 2022-05-13 20:52
wget	CVE-2024-38428	中危	1.20.3-1ubuntu2	1.20.3-1ubuntu2.1	wget: Misinterpretation of input may lead to improper behavior 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38428 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-06-16 03:15 修改: 2024-10-28 21:35
zlib1g	CVE-2022-37434	中危	1:1.2.11.dfsg-2ubuntu1.3	1:1.2.11.dfsg-2ubuntu1.5	zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-08-05 07:15 修改: 2023-07-19 00:56
libwind0-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
gpgconf	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libjpeg-turbo8	CVE-2020-17541	低危	2.0.3-0ubuntu1.20.04.1	2.0.3-0ubuntu1.20.04.3	libjpeg-turbo: Stack-based buffer overflow in the "transform" component 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-17541 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-06-01 15:15 修改: 2022-11-07 14:29
libjpeg-turbo8	CVE-2021-46822	低危	2.0.3-0ubuntu1.20.04.1	2.0.3-0ubuntu1.20.04.3	libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46822 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-06-18 16:15 修改: 2022-08-15 15:52
dirmngr	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libpython3.8-minimal	CVE-2015-20107	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.5	python: mailcap: findmatch() function does not sanitize the second argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-20107 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-13 16:15 修改: 2023-11-07 02:25
libpython3.8-minimal	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
libpython3.8-minimal	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libgnutls30	CVE-2021-4209	低危	3.6.13-2ubuntu1.6	3.6.13-2ubuntu1.7	GnuTLS: Null pointer dereference in MD_UPDATE 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4209 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-08-24 16:15 修改: 2022-10-27 16:57
gpgsm	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libc6	CVE-2016-20013	低危	2.31-0ubuntu9.9		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libgraphicsmagick-q16-3	CVE-2017-13736	低危	1.4+really1.3.35-1		There are lots of memory leaks in the GMCommand function in magick/com ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-13736 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2017-08-29 06:29 修改: 2023-11-07 02:38
libc6	CVE-2023-4806	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in getaddrinfo() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
libc6	CVE-2023-4813	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in gaih_inet() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
libk5crypto3	CVE-2024-26458	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libxml2	CVE-2022-2309	低危	2.9.10+dfsg-5ubuntu0.20.04.3	2.9.10+dfsg-5ubuntu0.20.04.5	lxml: NULL Pointer Dereference in lxml 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2309 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-07-05 10:15 修改: 2023-11-07 03:46
libk5crypto3	CVE-2024-26461	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
curl	CVE-2022-35252	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.13	curl: Incorrect handling of control code characters in cookies 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35252 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-09-23 14:15 修改: 2024-03-27 15:00
libcap2	CVE-2023-2602	低危	1:2.32-1	1:2.32-1ubuntu0.1	libcap: Memory Leak on pthread_create() Error 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2602 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-06 20:15 修改: 2023-11-30 05:15
gpgv	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libcap2-bin	CVE-2023-2602	低危	1:2.32-1	1:2.32-1ubuntu0.1	libcap: Memory Leak on pthread_create() Error 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2602 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-06 20:15 修改: 2023-11-30 05:15
curl	CVE-2023-27533	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: TELNET option IAC injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27533 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:54
libpython3.8-stdlib	CVE-2015-20107	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.5	python: mailcap: findmatch() function does not sanitize the second argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-20107 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-13 16:15 修改: 2023-11-07 02:25
libpython3.8-stdlib	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
libpython3.8-stdlib	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libgssapi-krb5-2	CVE-2024-26458	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libgssapi-krb5-2	CVE-2024-26461	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libkrb5-26-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
gnupg	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
locales	CVE-2016-20013	低危	2.31-0ubuntu9.9		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
locales	CVE-2023-4806	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in getaddrinfo() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
locales	CVE-2023-4813	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in gaih_inet() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
graphicsmagick	CVE-2017-13736	低危	1.4+really1.3.35-1		There are lots of memory leaks in the GMCommand function in magick/com ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-13736 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2017-08-29 06:29 修改: 2023-11-07 02:38
login	CVE-2013-4235	低危	1:4.8.1-1ubuntu5.20.04.2		shadow-utils: TOCTOU race conditions by copying and removing directory trees 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4235 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2019-12-03 15:15 修改: 2023-02-13 00:28
login	CVE-2023-29383	低危	1:4.8.1-1ubuntu5.20.04.2		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
login	CVE-2023-4641	低危	1:4.8.1-1ubuntu5.20.04.2	1:4.8.1-1ubuntu5.20.04.5	shadow-utils: possible password leak during passwd(1) change 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-12-27 16:15 修改: 2024-05-03 16:15
curl	CVE-2023-27534	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: SFTP path ~ resolving discrepancy 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27534 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:54
gnupg-l10n	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
ncurses-base	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
ncurses-base	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
ncurses-base	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-base	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libroken18-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
ncurses-bin	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
ncurses-bin	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
ncurses-bin	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
ncurses-bin	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
curl	CVE-2023-27536	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: GSS delegation too eager connection re-use 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27536 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:46
gnupg-utils	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
curl	CVE-2023-27538	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: SSH connection too eager reuse still 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27538 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:46
openssh-client	CVE-2021-41617	低危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.11	openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41617 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-09-26 19:15 修改: 2023-12-26 04:15
libkrb5-3	CVE-2024-26458	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libkrb5-3	CVE-2024-26461	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libgssapi3-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
openssh-server	CVE-2021-41617	低危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.11	openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41617 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-09-26 19:15 修改: 2023-12-26 04:15
libcurl4	CVE-2022-35252	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.13	curl: Incorrect handling of control code characters in cookies 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35252 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-09-23 14:15 修改: 2024-03-27 15:00
libcurl4	CVE-2023-27533	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: TELNET option IAC injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27533 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:54
libcurl4	CVE-2023-27534	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: SFTP path ~ resolving discrepancy 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27534 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:54
openssh-sftp-server	CVE-2021-41617	低危	1:8.2p1-4ubuntu0.5	1:8.2p1-4ubuntu0.11	openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41617 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-09-26 19:15 修改: 2023-12-26 04:15
libcurl4	CVE-2023-27536	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: GSS delegation too eager connection re-use 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27536 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:46
libcurl4	CVE-2023-27538	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.18	curl: SSH connection too eager reuse still 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27538 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-03-30 20:15 修改: 2024-03-27 14:46
libcurl4	CVE-2023-28321	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.19	curl: IDN wildcard match may lead to Improper Cerificate Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28321 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-26 21:15 修改: 2025-01-15 16:15
libkrb5support0	CVE-2024-26458	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-12-06 21:15
libkrb5support0	CVE-2024-26461	低危	1.17-6ubuntu4.1		krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-29 01:44 修改: 2024-08-14 16:35
libcurl4	CVE-2023-28322	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.19	curl: more POST-after-PUT confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28322 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-26 21:15 修改: 2023-12-22 16:15
openssl	CVE-2023-0464	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.18	openssl: Denial of service by excessive resource usage in verifying X509 policy constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-22 17:15 修改: 2024-06-21 19:15
openssl	CVE-2023-0465	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.18	openssl: Invalid certificate policies in leaf certificates are silently ignored 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-28 15:15 修改: 2024-02-04 09:15
openssl	CVE-2023-0466	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.18	openssl: Certificate policy check not enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0466 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-28 15:15 修改: 2024-02-04 09:15
openssl	CVE-2023-3446	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.20	openssl: Excessive time spent checking DH keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15
openssl	CVE-2023-3817	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.20	OpenSSL: Excessive time spent checking DH q parameter value 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15
openssl	CVE-2023-5678	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.21	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15
openssl	CVE-2024-0727	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.21	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15
openssl	CVE-2024-2511	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
openssl	CVE-2024-4741	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01
openssl	CVE-2024-5535	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libhcrypto4-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
passwd	CVE-2013-4235	低危	1:4.8.1-1ubuntu5.20.04.2		shadow-utils: TOCTOU race conditions by copying and removing directory trees 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4235 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2019-12-03 15:15 修改: 2023-02-13 00:28
passwd	CVE-2023-29383	低危	1:4.8.1-1ubuntu5.20.04.2		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-04-14 22:15 修改: 2023-04-24 18:05
passwd	CVE-2023-4641	低危	1:4.8.1-1ubuntu5.20.04.2	1:4.8.1-1ubuntu5.20.04.5	shadow-utils: possible password leak during passwd(1) change 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-12-27 16:15 修改: 2024-05-03 16:15
libssl1.1	CVE-2023-0464	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.18	openssl: Denial of service by excessive resource usage in verifying X509 policy constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-22 17:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2023-0465	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.18	openssl: Invalid certificate policies in leaf certificates are silently ignored 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-28 15:15 修改: 2024-02-04 09:15
libssl1.1	CVE-2023-0466	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.18	openssl: Certificate policy check not enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0466 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-28 15:15 修改: 2024-02-04 09:15
libssl1.1	CVE-2023-3446	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.20	openssl: Excessive time spent checking DH keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-07-19 12:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2023-3817	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.20	OpenSSL: Excessive time spent checking DH q parameter value 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-07-31 16:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2023-5678	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.21	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-11-06 16:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-0727	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.21	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-01-26 09:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-2511	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.23	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-04-08 14:15 修改: 2024-10-14 15:15
libssl1.1	CVE-2024-4741	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.23	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-11-13 11:15 修改: 2024-11-13 17:01
libssl1.1	CVE-2024-5535	低危	1.1.1f-1ubuntu2.15	1.1.1f-1ubuntu2.23	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2024-06-27 11:15 修改: 2024-07-12 14:15
libldap-2.4-2	CVE-2023-2953	低危	2.4.49+dfsg-2ubuntu1.9	2.4.49+dfsg-2ubuntu1.10	openldap: null pointer dereference in ber_memalloc_x function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-05-30 22:15 修改: 2025-01-10 22:15
libldap-common	CVE-2023-2953	低危	2.4.49+dfsg-2ubuntu1.9	2.4.49+dfsg-2ubuntu1.10	openldap: null pointer dereference in ber_memalloc_x function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-05-30 22:15 修改: 2025-01-10 22:15
libsystemd0	CVE-2023-26604	低危	245.4-4ubuntu3.17		systemd: privilege escalation via the less pager 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09
libsystemd0	CVE-2023-7008	低危	245.4-4ubuntu3.17		systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libcurl4	CVE-2023-38546	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.20	curl: cookie injection with none file 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38546 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-18 04:15 修改: 2024-07-09 14:15
libcurl4	CVE-2024-11053	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
libncurses5	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
libncurses5	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
libncurses5	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses5	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
gnupg2	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libncurses6	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
libncurses6	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
libncurses6	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncurses6	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libelf1	CVE-2021-33294	低危	0.176-1.1build1	0.176-1.1ubuntu0.1	elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33294 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-07-18 14:15 修改: 2023-07-27 15:19
libncursesw6	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
libncursesw6	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
libncursesw6	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libncursesw6	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
curl	CVE-2023-28321	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.19	curl: IDN wildcard match may lead to Improper Cerificate Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28321 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-26 21:15 修改: 2025-01-15 16:15
libasn1-8-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
gpg	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
libheimbase1-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
curl	CVE-2023-28322	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.19	curl: more POST-after-PUT confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28322 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-26 21:15 修改: 2023-12-22 16:15
libpam-modules	CVE-2022-28321	低危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.4	pam: authentication bypass for SSH logins 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28321 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-09-19 22:15 修改: 2023-08-08 14:21
gpg-agent	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
procps	CVE-2023-4016	低危	2:3.3.16-1ubuntu2.3	2:3.3.16-1ubuntu2.4	procps: ps buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4016 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-08-02 05:15 修改: 2023-12-15 18:19
curl	CVE-2023-38546	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.20	curl: cookie injection with none file 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38546 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-18 04:15 修改: 2024-07-09 14:15
libpam-modules-bin	CVE-2022-28321	低危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.4	pam: authentication bypass for SSH logins 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28321 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-09-19 22:15 修改: 2023-08-08 14:21
gpg-wks-client	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
curl	CVE-2024-11053	低危	7.68.0-1ubuntu2.12	7.68.0-1ubuntu2.25	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-12-11 08:15 修改: 2024-12-15 17:15
libpam-runtime	CVE-2022-28321	低危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.4	pam: authentication bypass for SSH logins 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28321 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-09-19 22:15 修改: 2023-08-08 14:21
libc-bin	CVE-2016-20013	低危	2.31-0ubuntu9.9		漏洞详情: https://avd.aquasec.com/nvd/cve-2016-20013 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2022-02-19 05:15 修改: 2022-03-03 16:43
libc-bin	CVE-2023-4806	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in getaddrinfo() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4806 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-09-18 17:15 修改: 2024-09-16 14:15
libpam0g	CVE-2022-28321	低危	1.3.1-5ubuntu4.3	1.3.1-5ubuntu4.4	pam: authentication bypass for SSH logins 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28321 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-09-19 22:15 修改: 2023-08-08 14:21
libpcre2-8-0	CVE-2022-1586	低危	10.34-7	10.34-7ubuntu0.1	pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1586 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-05-16 21:15 修改: 2023-11-07 03:42
libtiff5	CVE-2022-2056	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.5	libtiff: division by zero issues in tiffcrop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2056 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-06-30 16:15 修改: 2023-11-07 03:46
libtiff5	CVE-2022-2057	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.5	libtiff: division by zero issues in tiffcrop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2057 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-06-30 16:15 修改: 2023-11-07 03:46
libtiff5	CVE-2022-2058	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.5	libtiff: division by zero issues in tiffcrop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2058 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-06-30 16:15 修改: 2023-11-07 03:46
libtiff5	CVE-2022-22844	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.4	libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22844 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-01-10 14:12 修改: 2022-11-16 19:07
libtiff5	CVE-2022-2867	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2867 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-17 22:15 修改: 2023-11-07 03:47
libtiff5	CVE-2022-2868	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2868 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-17 22:15 修改: 2023-11-07 03:47
python3.8	CVE-2015-20107	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.5	python: mailcap: findmatch() function does not sanitize the second argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-20107 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-13 16:15 修改: 2023-11-07 02:25
python3.8	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
python3.8	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libtiff5	CVE-2022-2869	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2869 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-17 22:15 修改: 2023-11-07 03:47
libtiff5	CVE-2023-1916	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.10	libtiff: out-of-bounds read in extractImageSection() in tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1916 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-04-10 22:15 修改: 2023-12-23 07:15
libtiff5	CVE-2023-25434	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: heap-buffer overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25434 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-14 20:15 修改: 2025-01-06 17:15
libtiff5	CVE-2023-25435	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.8	libtiff: tiffcrop: heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25435 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-21 20:15 修改: 2024-12-06 20:15
libtiff5	CVE-2023-26965	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: heap-based use after free via a crafted TIFF image in loadImage() in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26965 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-14 21:15 修改: 2025-01-06 17:15
libtiff5	CVE-2023-30086	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.6	libtiff: Heap buffer overflow in tiffcp() at tiffcp.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30086 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-05-09 16:15 修改: 2023-06-16 15:15
libtiff5	CVE-2023-3164	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.13	libtiff: heap-buffer-overflow in extractImageSection() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3164 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-11-02 12:15 修改: 2024-03-08 19:38
libtiff5	CVE-2023-3316	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.9	libtiff: tiffcrop: null pointer dereference in TIFFClose() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3316 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-06-19 12:15 修改: 2023-08-01 02:15
libtiff5	CVE-2023-3576	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.11	libtiff: memory leak in tiffcrop.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3576 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-10-04 19:15 修改: 2024-09-16 13:15
libtiff5	CVE-2023-6228	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.12	libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6228 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-18 14:15 修改: 2024-10-11 16:15
libtiff5	CVE-2023-6277	低危	4.1.0+git191117-2ubuntu0.20.04.3	4.1.0+git191117-2ubuntu0.20.04.12	libtiff: Out-of-memory in TIFFOpen via a craft file 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6277 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-11-24 19:15 修改: 2024-09-17 01:15
libtiff5	CVE-2024-6716	低危	4.1.0+git191117-2ubuntu0.20.04.3		漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6716 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-07-15 15:15 修改: 2024-09-04 14:15
libpcre2-8-0	CVE-2022-1587	低危	10.34-7	10.34-7ubuntu0.1	pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1587 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-05-16 21:15 修改: 2023-11-07 03:42
python3.8-minimal	CVE-2015-20107	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.5	python: mailcap: findmatch() function does not sanitize the second argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-20107 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-13 16:15 修改: 2023-11-07 02:25
python3.8-minimal	CVE-2024-4032	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.11	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-06-17 15:15 修改: 2024-08-29 21:35
python3.8-minimal	CVE-2024-7592	低危	3.8.10-0ubuntu1~20.04.4	3.8.10-0ubuntu1~20.04.12	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-08-19 19:15 修改: 2024-09-04 21:15
libtinfo5	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
libtinfo5	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
libtinfo5	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo5	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libpcre2-8-0	CVE-2022-41409	低危	10.34-7		pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-07-18 14:15 修改: 2023-07-27 03:46
libtinfo6	CVE-2021-39537	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
libtinfo6	CVE-2022-29458	低危	6.2-0ubuntu2	6.2-0ubuntu2.1	ncurses: segfaulting OOB read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2022-04-18 21:15 修改: 2023-11-07 03:46
libtinfo6	CVE-2023-45918	低危	6.2-0ubuntu2		ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45918 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-02-16 22:15 修改: 2024-11-21 21:15
libtinfo6	CVE-2023-50495	低危	6.2-0ubuntu2		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-12-12 15:15 修改: 2024-01-31 03:15
libpcre3	CVE-2017-11164	低危	2:8.39-12ubuntu0.1		pcre: OP_KETRMAX feature in the match function in pcre_exec.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11164 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2017-07-11 03:29 修改: 2023-11-07 02:38
libheimntlm0-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
libudev1	CVE-2023-26604	低危	245.4-4ubuntu3.17		systemd: privilege escalation via the less pager 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26604 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-03-03 16:15 修改: 2023-11-07 04:09
libudev1	CVE-2023-7008	低危	245.4-4ubuntu3.17		systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-12-23 13:15 修改: 2024-11-22 12:15
libfreetype6	CVE-2022-27405	低危	2.10.1-2ubuntu0.1	2.10.1-2ubuntu0.2	FreeType: Segmentation violation via FNT_Size_Request 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27405 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-22 14:15 修改: 2024-02-29 01:34
libfreetype6	CVE-2022-27406	低危	2.10.1-2ubuntu0.1	2.10.1-2ubuntu0.2	Freetype: Segmentation violation via FT_Request_Size 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27406 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-22 14:15 修改: 2024-02-29 01:34
libprocps8	CVE-2023-4016	低危	2:3.3.16-1ubuntu2.3	2:3.3.16-1ubuntu2.4	procps: ps buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4016 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2023-08-02 05:15 修改: 2023-12-15 18:19
libgcrypt20	CVE-2024-2236	低危	1.8.5-5ubuntu1.1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2024-03-06 22:15 修改: 2024-11-12 18:15
libgd3	CVE-2021-40812	低危	2.2.5-5.2ubuntu2.1	2.2.5-5.2ubuntu2.4	The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40812 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2021-09-08 21:15 修改: 2024-10-29 14:35
libgmp10	CVE-2021-43618	低危	2:6.2.0+dfsg-4	2:6.2.0+dfsg-4ubuntu0.1	gmp: Integer overflow and resultant buffer overflow via crafted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43618 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2021-11-15 04:15 修改: 2023-09-29 15:15
libc-bin	CVE-2023-4813	低危	2.31-0ubuntu9.9	2.31-0ubuntu9.14	glibc: potential use-after-free in gaih_inet() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4813 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-09-12 22:15 修改: 2024-09-16 14:15
gpg-wks-server	CVE-2022-3219	低危	2.2.19-3ubuntu2.1		gnupg: denial of service issue (resource consumption) using compressed packets 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2023-02-23 20:15 修改: 2023-05-26 16:31
unzip	CVE-2021-4217	低危	6.0-25ubuntu1	6.0-25ubuntu1.1	unzip: Null pointer dereference in Unicode strings code 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4217 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-08-24 16:15 修改: 2022-11-29 15:45
unzip	CVE-2022-0530	低危	6.0-25ubuntu1	6.0-25ubuntu1.1	unzip: SIGSEGV during the conversion of an utf-8 string to a local string 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0530 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-02-09 23:15 修改: 2023-11-09 20:55
libhx509-5-heimdal	CVE-2021-3671	低危	7.7.0+dfsg-1ubuntu1	7.7.0+dfsg-1ubuntu1.1	samba: Null pointer dereference on missing sname in TGS-REQ 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3671 镜像层: sha256:d8f46a16169209039b44ad6fed4ce6217f0a82f389ad8d875affa9bcec184cf5 发布日期: 2021-10-12 18:15 修改: 2023-11-07 03:38
coreutils	CVE-2016-2781	低危	8.30-3ubuntu2		coreutils: Non-privileged session can escape to the parent session in chroot 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-2781 镜像层: sha256:bf8cedc62fb3ef98ad0dff2be56ca451dd3ea69abd0031ad3e0fe5d9f9e4dfff 发布日期: 2017-02-07 15:59 修改: 2023-11-07 02:32
libjbig0	CVE-2017-9937	低危	2.1-3.1build1	2.1-3.1ubuntu0.20.04.1	libtiff: memory malloc failure in tif_jbig.c could cause DOS. 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-9937 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2017-06-26 12:29 修改: 2023-11-07 02:50
libjbig0	CVE-2022-1210	低危	2.1-3.1build1	2.1-3.1ubuntu0.20.04.1	tiff: Malicious file leads to a denial of service in TIFF File Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1210 镜像层: sha256:3779c1c322f0b10c309f88222038a88b7b8d993a15781e2beeaf1b661072cd23 发布日期: 2022-04-03 09:15 修改: 2023-07-24 13:46

Java (jar)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Ruby (gemspec)

低危漏洞:8

中危漏洞:97

高危漏洞:66

严重漏洞:12

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
activerecord	CVE-2022-32224	严重	6.1.4.7	~> 5.2.8, >= 5.2.8.1, ~> 6.0.5, >= 6.0.5.1, ~> 6.1.6, >= 6.1.6.1, >= 7.0.3.1	activerecord: Possible RCE escalation bug with Serialized Columns in Active Record 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32224 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-05 22:15 修改: 2022-12-08 13:20
diffy	CVE-2022-33127	严重	3.3.0	>= 3.4.1	rubygem-diffy: remote code execution from user controlled diff file paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33127 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2022-06-29 18:28
git	CVE-2022-25648	严重	1.10.2	>= 1.11.0	ruby-git: package vulnerable to Command Injection via git argument injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25648 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-19 17:15 修改: 2023-11-07 03:44
git	CVE-2022-25648	严重	1.7.0	>= 1.11.0	ruby-git: package vulnerable to Command Injection via git argument injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25648 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-19 17:15 修改: 2023-11-07 03:44
jmespath	CVE-2022-32511	严重	1.4.0	>= 1.6.1	jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32511 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-06 22:15 修改: 2023-11-07 03:47
omniauth	CVE-2020-36599	严重	1.9.1	~> 1.9.2, >= 2.0.0	lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36599 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-18 23:15 修改: 2024-06-18 16:15
omniauth-saml	CVE-2024-45409	严重	1.10.0	>= 1.10.5, < 2.0.0, ~> 2.1.2, >= 2.2.1	The Ruby SAML library is for implementing the client side of a SAML au ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-10 19:15 修改: 2024-09-20 14:13
omniauth-saml	GHSA-cvp8-5r8g-fhvq	严重	1.10.0	2.1.2, 1.10.5, 2.2.1	omniauth-saml vulnerable to Improper Verification of Cryptographic Signature 漏洞详情: https://github.com/advisories/GHSA-cvp8-5r8g-fhvq 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2022-24790	严重	5.6.2	~> 4.3.12, >= 5.6.4	puma-5.6.4: http request smuggling vulnerabilities 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-30 22:15 修改: 2023-11-07 03:44
rack	CVE-2022-30123	严重	2.2.3	~> 2.0.9, >= 2.0.9.1, ~> 2.1.4, >= 2.1.4.1, >= 2.2.3.1	rubygem-rack: crafted requests can cause shell escape sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30123 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-05 22:15 修改: 2023-12-08 22:15
ruby-saml	CVE-2024-45409	严重	1.13.0	~> 1.12.3, >= 1.17.0	The Ruby SAML library is for implementing the client side of a SAML au ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-10 19:15 修改: 2024-09-20 14:13
stringio	CVE-2024-27280	严重	0.1.0	>= 3.0.1.1	ruby: Buffer overread vulnerability in StringIO 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27280 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-14 15:11 修改: 2024-07-03 01:50
addressable	CVE-2021-32740	高危	2.7.0	>= 2.8.0	rubygem-addressable: ReDoS in templates 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32740 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-07-06 15:15 修改: 2023-11-07 03:35
bundler	CVE-2020-36327	高危	2.1.4	= 2.2.10, >= 2.2.18	rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36327 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-04-29 03:15 修改: 2023-11-07 03:22
cgi	CVE-2021-33621	高危	0.1.0.1	~> 0.1.0.2, ~> 0.2.2, >= 0.3.5	ruby/cgi-gem: HTTP response splitting in CGI 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33621 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-18 23:15 修改: 2024-01-24 05:15
commonmarker	GHSA-48wp-p9qv-4j64	高危	0.23.4	>= 0.23.9	Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service 漏洞详情: https://github.com/advisories/GHSA-48wp-p9qv-4j64 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
actionpack	CVE-2023-22792	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-actionpack: Denial of Service in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22792 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
actionpack	CVE-2023-22792	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-actionpack: Denial of Service in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22792 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
git	CVE-2022-47318	高危	1.10.2	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-47318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-01-17 10:15 修改: 2023-11-07 03:56
actionpack	CVE-2023-22795	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-actionpack: Denial of Service in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
git	CVE-2022-47318	高危	1.7.0	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-47318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-01-17 10:15 修改: 2023-11-07 03:56
globalid	CVE-2023-22799	高危	1.0.0	>= 1.0.1	rubygem-globalid: ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22799 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-02-16 20:18
google-protobuf	CVE-2021-22569	高危	3.19.1	>= 3.19.2	protobuf-java: potential DoS in the parsing procedure for binary data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
google-protobuf	CVE-2024-7254	高危	3.19.1	~> 3.25.5, ~> 4.27.5, >= 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
google-protobuf	CVE-2024-7254	高危	3.19.4	~> 3.25.5, ~> 4.27.5, >= 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
grpc	CVE-2023-1428	高危	1.42.0	>= 1.53.0	gRPC: Reachable Assertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1428 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:17
grpc	CVE-2023-1428	高危	1.42.0	>= 1.53.0	gRPC: Reachable Assertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1428 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:17
grpc	CVE-2023-32731	高危	1.42.0	>= 1.53.1	gRPC: sensitive information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32731 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:18
grpc	CVE-2023-32731	高危	1.42.0	>= 1.53.1	gRPC: sensitive information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32731 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:18
grpc	CVE-2023-33953	高危	1.42.0	~> 1.53.2, ~> 1.54.3, ~> 1.55.2, >= 1.56.2	gRPC: hpack table accounting errors can lead to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33953 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-09 13:15 修改: 2023-08-17 14:15
grpc	CVE-2023-33953	高危	1.42.0	~> 1.53.2, ~> 1.54.3, ~> 1.55.2, >= 1.56.2	gRPC: hpack table accounting errors can lead to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33953 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-09 13:15 修改: 2023-08-17 14:15
actionpack	CVE-2023-22795	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-actionpack: Denial of Service in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
kubeclient	CVE-2022-0759	高危	4.9.2	>= 4.9.3	kubeclient: kubeconfig parsing error can lead to MITM attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0759 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-25 19:15 修改: 2022-04-07 19:13
loofah	CVE-2022-23514	高危	2.16.0	>= 2.19.1	rubygem-loofah: inefficient regular expression leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23514 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 14:15 修改: 2023-09-13 17:15
loofah	CVE-2022-23514	高危	2.16.0	>= 2.19.1	rubygem-loofah: inefficient regular expression leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23514 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 14:15 修改: 2023-09-13 17:15
loofah	CVE-2022-23516	高危	2.16.0	>= 2.19.1	rubygem-loofah: Uncontrolled Recursion leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23516 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 14:15 修改: 2023-09-13 17:15
loofah	CVE-2022-23516	高危	2.16.0	>= 2.19.1	rubygem-loofah: Uncontrolled Recursion leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23516 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 14:15 修改: 2023-09-13 17:15
nokogiri	CVE-2018-25032	高危	1.13.3	>= 1.13.4	zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
nokogiri	CVE-2018-25032	高危	1.13.3	>= 1.13.4	zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
nokogiri	CVE-2022-24836	高危	1.13.3	>= 1.13.4	nokogiri: ReDoS in HTML encoding detection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24836 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-11 22:15 修改: 2023-11-07 03:44
nokogiri	CVE-2022-24836	高危	1.13.3	>= 1.13.4	nokogiri: ReDoS in HTML encoding detection 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24836 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-11 22:15 修改: 2023-11-07 03:44
nokogiri	CVE-2022-24839	高危	1.13.3	>= 1.13.4	nokogiri: Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24839 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-11 22:15 修改: 2023-02-23 20:19
nokogiri	CVE-2022-24839	高危	1.13.3	>= 1.13.4	nokogiri: Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24839 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-11 22:15 修改: 2023-02-23 20:19
nokogiri	CVE-2022-29181	高危	1.13.3	>= 1.13.6	rubygem-nokogiri: Improper Handling of Unexpected Data Type in Nokogiri 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29181 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-20 19:15 修改: 2023-02-16 02:31
nokogiri	CVE-2022-29181	高危	1.13.3	>= 1.13.6	rubygem-nokogiri: Improper Handling of Unexpected Data Type in Nokogiri 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29181 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-20 19:15 修改: 2023-02-16 02:31
nokogiri	GHSA-cgx6-hpwq-fhv5	高危	1.13.3	>= 1.13.5	Integer Overflow or Wraparound in libxml2 affects Nokogiri 漏洞详情: https://github.com/advisories/GHSA-cgx6-hpwq-fhv5 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-cgx6-hpwq-fhv5	高危	1.13.3	>= 1.13.5	Integer Overflow or Wraparound in libxml2 affects Nokogiri 漏洞详情: https://github.com/advisories/GHSA-cgx6-hpwq-fhv5 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-gx8x-g87m-h5q6	高危	1.13.3	1.13.4	Denial of Service (DoS) in Nokogiri on JRuby 漏洞详情: https://github.com/advisories/GHSA-gx8x-g87m-h5q6 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-gx8x-g87m-h5q6	高危	1.13.3	1.13.4	Denial of Service (DoS) in Nokogiri on JRuby 漏洞详情: https://github.com/advisories/GHSA-gx8x-g87m-h5q6 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-v6gp-9mmm-c6p5	高危	1.13.3	1.13.4	Out-of-bounds Write in zlib affects Nokogiri 漏洞详情: https://github.com/advisories/GHSA-v6gp-9mmm-c6p5 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-v6gp-9mmm-c6p5	高危	1.13.3	1.13.4	Out-of-bounds Write in zlib affects Nokogiri 漏洞详情: https://github.com/advisories/GHSA-v6gp-9mmm-c6p5 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
actionview	CVE-2023-23913	高危	6.1.4.7	~> 6.1.7.3, >= 7.0.4.3	rails: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23913 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 18:15
omniauth	CVE-2015-9284	高危	1.9.1	>= 2.0.0	rubygem-omniauth: request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery leading to connection without user intent 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-9284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2019-04-26 15:29 修改: 2024-02-14 16:29
actionview	CVE-2023-23913	高危	6.1.4.7	~> 6.1.7.3, >= 7.0.4.3	rails: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23913 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 18:15
RedCloth	CVE-2023-31606	高危	4.3.2	4.3.3	RedCloth: Regular expression denial of service in sanitize_html function 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31606 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-06 17:15 修改: 2024-01-10 14:15
activerecord	CVE-2022-44566	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-activerecord: Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44566 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-06-23 18:29
activerecord	CVE-2023-22794	高危	6.1.4.7	~> 6.0.6, >= 6.0.6.1, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-activerecord: SQL Injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22794 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
rack	CVE-2022-30122	高危	2.2.3	~> 2.0.9, >= 2.0.9.1, ~> 2.1.4, >= 2.1.4.1, >= 2.2.3.1	rubygem-rack: crafted multipart POST request may cause a DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30122 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-05 22:15 修改: 2023-12-20 03:02
rack	CVE-2022-44570	高危	2.2.3	~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.2, >= 3.0.4.1	rubygem-rack: denial of service in Content-Disposition parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44570 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-12-08 22:15
rack	CVE-2022-44571	高危	2.2.3	~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.1, >= 3.0.4.1	rubygem-rack: denial of service in Content-Disposition parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44571 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-12-08 22:15
rack	CVE-2022-44572	高危	2.2.3	~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.1, >= 3.0.4.1	rubygem-rack: denial of service in Content-Disposition parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44572 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-12-08 22:15
rack	CVE-2023-27530	高危	2.2.3	~> 2.0.9, >= 2.0.9.3, ~> 2.1.4, >= 2.1.4.3, ~> 2.2.6, >= 2.2.6.3, >= 3.0.4.2	rubygem-rack: Denial of service in Multipart MIME parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27530 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-10 22:15 修改: 2024-10-15 19:35
rack	CVE-2022-44570	高危	2.2.3.1	~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.2, >= 3.0.4.1	rubygem-rack: denial of service in Content-Disposition parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44570 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-12-08 22:15
rack	CVE-2022-44571	高危	2.2.3.1	~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.1, >= 3.0.4.1	rubygem-rack: denial of service in Content-Disposition parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44571 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-12-08 22:15
rack	CVE-2022-44572	高危	2.2.3.1	~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= 2.2.6.1, >= 3.0.4.1	rubygem-rack: denial of service in Content-Disposition parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44572 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2023-12-08 22:15
rack	CVE-2023-27530	高危	2.2.3.1	~> 2.0.9, >= 2.0.9.3, ~> 2.1.4, >= 2.1.4.3, ~> 2.2.6, >= 2.2.6.3, >= 3.0.4.2	rubygem-rack: Denial of service in Multipart MIME parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27530 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-10 22:15 修改: 2024-10-15 19:35
rails-html-sanitizer	CVE-2022-23517	高危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23517 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 17:15 修改: 2024-02-01 16:24
rails-html-sanitizer	CVE-2022-23517	高危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23517 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 17:15 修改: 2024-02-01 16:24
rexml	CVE-2024-49761	高危	3.2.3.1	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-49761	高危	3.2.5	>= 3.3.9	rexml: REXML ReDoS vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-28 15:15 修改: 2024-12-27 16:15
activesupport	CVE-2023-22796	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-activesupport: Regular Expression Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22796 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
sanitize	CVE-2023-36823	高危	6.0.0	>= 6.0.2	Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36823 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-06 16:15 修改: 2023-12-22 15:15
sanitize	CVE-2023-36823	高危	6.0.0	>= 6.0.2	Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36823 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-06 16:15 修改: 2023-12-22 15:15
activesupport	CVE-2023-22796	高危	6.1.4.7	~> 5.2.8, >= 5.2.8.15, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1	rubygem-activesupport: Regular Expression Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22796 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-09 20:15 修改: 2024-02-02 14:15
uri	CVE-2023-28755	高危	0.10.0	~> 0.10.0.1, ~> 0.10.2, ~> 0.11.1, >= 0.12.1	ruby: ReDoS vulnerability in URI 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28755 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-31 04:15 修改: 2024-05-04 03:15
webrick	CVE-2024-47220	高危	1.6.1	>= 1.8.2	WEBrick: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-22 01:15 修改: 2025-01-09 18:15
actionpack	CVE-2023-28362	中危	6.1.4.7	~> 6.1.7.4, >= 7.0.5.1	actionpack: Possible XSS via User Supplied Values to redirect_to 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28362 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
actionpack	CVE-2023-28362	中危	6.1.4.7	~> 6.1.7.4, >= 7.0.5.1	actionpack: Possible XSS via User Supplied Values to redirect_to 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28362 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
git	CVE-2022-46648	中危	1.10.2	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46648 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-01-17 10:15 修改: 2023-02-02 18:45
actionpack	CVE-2024-28103	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2	rubygem-actionpack: Missing security headers in Action Pack on non-HTML responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28103 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-04 20:15 修改: 2024-12-06 14:15
activestorage	CVE-2024-26144	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.7, >= 7.0.8.1	rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26144 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-27 16:15 修改: 2024-06-10 16:15
git	CVE-2022-46648	中危	1.7.0	>= 1.13.0	ruby-git: code injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46648 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-01-17 10:15 修改: 2023-02-02 18:45
actionpack	CVE-2024-28103	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2	rubygem-actionpack: Missing security headers in Action Pack on non-HTML responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28103 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-04 20:15 修改: 2024-12-06 14:15
actionpack	CVE-2024-54133	中危	6.1.4.7	~> 7.0.8.7, ~> 7.1.5.1, ~> 7.2.2.1, >= 8.0.0.1	actionpack: Possible Content Security Policy bypass in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54133 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-10 23:15 修改: 2024-12-10 23:15
activesupport	CVE-2023-28120	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.3, >= 7.0.4.3	rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28120 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
google-protobuf	CVE-2022-3171	中危	3.19.1	~> 3.16.3, ~> 3.19.6, ~> 3.20.3, >= 3.21.7	protobuf-java: timeout in parser leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
nokogiri	CVE-2022-23437	中危	1.13.3	>= 1.13.4	xerces-j2: infinite loop when handling specially crafted XML document payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23437 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-01-24 15:15 修改: 2023-08-08 14:22
nokogiri	CVE-2022-23437	中危	1.13.3	>= 1.13.4	xerces-j2: infinite loop when handling specially crafted XML document payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23437 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-01-24 15:15 修改: 2023-08-08 14:22
nokogiri	GHSA-2qc6-mcvw-92cw	中危	1.13.3	>= 1.13.9	Update bundled libxml2 to v2.10.3 to resolve multiple CVEs 漏洞详情: https://github.com/advisories/GHSA-2qc6-mcvw-92cw 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-2qc6-mcvw-92cw	中危	1.13.3	>= 1.13.9	Update bundled libxml2 to v2.10.3 to resolve multiple CVEs 漏洞详情: https://github.com/advisories/GHSA-2qc6-mcvw-92cw 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-pxvg-2qj5-37jq	中危	1.13.3	>= 1.14.3	Update packaged libxml2 to v2.10.4 to resolve multiple CVEs 漏洞详情: https://github.com/advisories/GHSA-pxvg-2qj5-37jq 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-pxvg-2qj5-37jq	中危	1.13.3	>= 1.14.3	Update packaged libxml2 to v2.10.4 to resolve multiple CVEs 漏洞详情: https://github.com/advisories/GHSA-pxvg-2qj5-37jq 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-vcc3-rw6f-jv97	中危	1.13.3	1.15.6, 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-vcc3-rw6f-jv97 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-vcc3-rw6f-jv97	中危	1.13.3	1.15.6, 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-vcc3-rw6f-jv97 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-xc9x-jj77-9p9j	中危	1.13.3	~> 1.15.6, >= 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-xc9x-jj77-9p9j 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-xc9x-jj77-9p9j	中危	1.13.3	~> 1.15.6, >= 1.16.2	Use-after-free in libxml2 via Nokogiri::XML::Reader 漏洞详情: https://github.com/advisories/GHSA-xc9x-jj77-9p9j 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-xxx9-3xcr-gjj3	中危	1.13.3	1.13.4	XML Injection in Xerces Java affects Nokogiri 漏洞详情: https://github.com/advisories/GHSA-xxx9-3xcr-gjj3 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-xxx9-3xcr-gjj3	中危	1.13.3	1.13.4	XML Injection in Xerces Java affects Nokogiri 漏洞详情: https://github.com/advisories/GHSA-xxx9-3xcr-gjj3 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
activesupport	CVE-2023-28120	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.3, >= 7.0.4.3	rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28120 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
google-protobuf	CVE-2022-3171	中危	3.19.4	~> 3.16.3, ~> 3.19.6, ~> 3.20.3, >= 3.21.7	protobuf-java: timeout in parser leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
activesupport	CVE-2023-38037	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.5, >= 7.0.7.1	rubygem-activesupport: File Disclosure of Locally Encrypted Files 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38037 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
activesupport	CVE-2023-38037	中危	6.1.4.7	~> 6.1.7, >= 6.1.7.5, >= 7.0.7.1	rubygem-activesupport: File Disclosure of Locally Encrypted Files 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-38037 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
actionpack	CVE-2024-54133	中危	6.1.4.7	~> 7.0.8.7, ~> 7.1.5.1, ~> 7.2.2.1, >= 8.0.0.1	actionpack: Possible Content Security Policy bypass in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54133 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-10 23:15 修改: 2024-12-10 23:15
puma	CVE-2023-40175	中危	5.6.2	~> 5.6.7, >= 6.3.1	rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40175 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-18 22:15 修改: 2023-08-24 18:48
puma	CVE-2024-21647	中危	5.6.2	~> 5.6.8, >= 6.4.2	rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-08 14:15 修改: 2024-01-11 17:31
puma	CVE-2024-45614	中危	5.6.2	~> 5.6.9, >= 6.4.3	rubygem-puma: Header normalization allows for client to clobber proxy set headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-19 23:15 修改: 2024-09-26 13:28
actionpack	CVE-2022-22577	中危	6.1.4.7	~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4	rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22577 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-26 17:15 修改: 2023-03-14 08:15
bundler	CVE-2021-43809	中危	2.1.4	>= 2.2.33	rubygem-bundler: unexpected code execution in Gemfiles 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43809 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-12-08 19:15 修改: 2023-11-16 03:04
carrierwave	CVE-2023-49090	中危	1.3.2	~> 2.2.5, >= 3.0.5	CarrierWave is a solution for file uploads for Rails, Sinatra and othe ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-29 15:15 修改: 2023-12-05 16:25
grpc	CVE-2023-32732	中危	1.42.0	>= 1.53.0	gRPC: denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32732 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-09 11:15 修改: 2023-08-02 16:43
grpc	CVE-2023-32732	中危	1.42.0	>= 1.53.0	gRPC: denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32732 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-09 11:15 修改: 2023-08-02 16:43
httparty	CVE-2024-22049	中危	0.16.4	>= 0.21.0	httparty before 0.21.0 is vulnerable to an assumed-immutable web param ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22049 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-04 21:15 修改: 2024-01-23 19:15
rack	CVE-2023-27539	中危	2.2.3	~> 2.0, >= 2.2.6.4, >= 3.0.6.1	rubygem-rack: denial of service in header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
rack	CVE-2024-25126	中危	2.2.3	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25126 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
rack	CVE-2024-26141	中危	2.2.3	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible DoS Vulnerability with Range Header in Rack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26141 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 00:15 修改: 2024-06-10 17:16
rack	CVE-2024-26146	中危	2.2.3	~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26146 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
httparty	GHSA-5pq7-52mg-hr42	中危	0.16.4	>= 0.21.0	httparty has multipart/form-data request tampering vulnerability 漏洞详情: https://github.com/advisories/GHSA-5pq7-52mg-hr42 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
httparty	CVE-2024-22049	中危	0.20.0	>= 0.21.0	httparty before 0.21.0 is vulnerable to an assumed-immutable web param ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22049 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-04 21:15 修改: 2024-01-23 19:15
httparty	GHSA-5pq7-52mg-hr42	中危	0.20.0	>= 0.21.0	httparty has multipart/form-data request tampering vulnerability 漏洞详情: https://github.com/advisories/GHSA-5pq7-52mg-hr42 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
carrierwave	CVE-2024-29034	中危	1.3.2	~> 2.2.6, >= 3.0.7	CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-24 20:15 修改: 2024-03-25 01:51
rack	CVE-2023-27539	中危	2.2.3.1	~> 2.0, >= 2.2.6.4, >= 3.0.6.1	rubygem-rack: denial of service in header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-09 01:15 修改: 2025-01-09 22:15
rack	CVE-2024-25126	中危	2.2.3.1	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25126 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
rack	CVE-2024-26141	中危	2.2.3.1	~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible DoS Vulnerability with Range Header in Rack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26141 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 00:15 修改: 2024-06-10 17:16
rack	CVE-2024-26146	中危	2.2.3.1	~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26146 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 00:15 修改: 2024-06-10 18:15
json-jwt	CVE-2023-51774	中危	1.13.0	~> 1.15.3, >= 1.15.3.1, >= 1.16.6	json-jwt: bypass of identity checks via a sign/encryption confusion attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51774 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-02-29 01:42 修改: 2024-08-26 20:35
actionpack	CVE-2022-22577	中危	6.1.4.7	~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4	rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22577 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-26 17:15 修改: 2023-03-14 08:15
rails-html-sanitizer	CVE-2022-23518	中危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23518 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 17:15 修改: 2024-02-01 16:06
rails-html-sanitizer	CVE-2022-23518	中危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23518 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 17:15 修改: 2024-02-01 16:06
rails-html-sanitizer	CVE-2022-23519	中危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23519 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 17:15 修改: 2024-02-01 15:59
rails-html-sanitizer	CVE-2022-23519	中危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23519 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 17:15 修改: 2024-02-01 15:59
rails-html-sanitizer	CVE-2022-23520	中危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23520 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 18:15 修改: 2024-02-01 16:52
rails-html-sanitizer	CVE-2022-23520	中危	1.4.2	>= 1.4.4	rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23520 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 18:15 修改: 2024-02-01 16:52
rails-html-sanitizer	CVE-2022-32209	中危	1.4.2	>= 1.4.3	rubygem-rails-html-sanitizer: possible xss with certain configurations 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32209 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-24 15:15 修改: 2024-02-01 16:22
rails-html-sanitizer	CVE-2022-32209	中危	1.4.2	>= 1.4.3	rubygem-rails-html-sanitizer: possible xss with certain configurations 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32209 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-24 15:15 修改: 2024-02-01 16:22
rdoc	CVE-2024-27281	中危	6.2.1.1	~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1	ruby: RCE vulnerability with .rdoc_options in RDoc 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-14 15:11 修改: 2024-08-20 14:35
rdoc	CVE-2024-27281	中危	6.3.2	~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1	ruby: RCE vulnerability with .rdoc_options in RDoc 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-14 15:11 修改: 2024-08-20 14:35
rdoc	CVE-2024-27281	中危	6.3.2	~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1	ruby: RCE vulnerability with .rdoc_options in RDoc 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-14 15:11 修改: 2024-08-20 14:35
actionview	CVE-2022-27777	中危	6.1.4.7	~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4	tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27777 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-26 17:15 修改: 2023-03-14 08:15
rexml	CVE-2024-35176	中危	3.2.3.1	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-39908	中危	3.2.3.1	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41123	中危	3.2.3.1	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41946	中危	3.2.3.1	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-43398	中危	3.2.3.1	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
commonmarker	GHSA-4qw4-jpp4-8gvp	中危	0.23.4	>= 0.23.6	Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service 漏洞详情: https://github.com/advisories/GHSA-4qw4-jpp4-8gvp 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
commonmarker	GHSA-636f-xm5j-pj9m	中危	0.23.4	>= 0.23.7	Several quadratic complexity bugs may lead to denial of service in Commonmarker 漏洞详情: https://github.com/advisories/GHSA-636f-xm5j-pj9m 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
commonmarker	GHSA-7vh7-fw88-wj87	中危	0.23.4	>= 0.23.10	Several quadratic complexity bugs may lead to denial of service in Commonmarker 漏洞详情: https://github.com/advisories/GHSA-7vh7-fw88-wj87 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-35176	中危	3.2.5	>= 3.2.7	REXML: DoS parsing an XML with many `<`s in an attribute value 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-05-16 16:15 修改: 2024-05-17 18:36
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-39908	中危	3.2.5	>= 3.3.2	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-16 18:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41123	中危	3.2.5	>= 3.3.3	rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2024-12-27 16:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-41946	中危	3.2.5	>= 3.3.3	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-01 15:15 修改: 2025-01-17 20:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
rexml	CVE-2024-43398	中危	3.2.5	>= 3.3.6	rexml: DoS vulnerability in REXML 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-22 15:15 修改: 2025-01-03 12:15
loofah	CVE-2022-23515	中危	2.16.0	>= 2.19.1	rubygem-loofah: Improper neutralization of data URIs leading to Cross Site Scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23515 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 14:15 修改: 2024-02-01 16:11
loofah	CVE-2022-23515	中危	2.16.0	>= 2.19.1	rubygem-loofah: Improper neutralization of data URIs leading to Cross Site Scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23515 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-14 14:15 修改: 2024-02-01 16:11
devise-two-factor	CVE-2024-8796	中危	4.0.2	>= 6.0.0	Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8796 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-17 18:15 修改: 2024-09-30 14:10
sanitize	CVE-2023-23627	中危	6.0.0	>= 6.0.1	Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23627 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-01-28 00:15 修改: 2023-02-06 19:05
sanitize	CVE-2023-23627	中危	6.0.0	>= 6.0.1	Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23627 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-01-28 00:15 修改: 2023-02-06 19:05
sidekiq	CVE-2023-26141	中危	6.4.0	~> 6.5.10, >= 7.1.3	sidekiq: DoS in dashboard-charts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26141 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-14 05:15 修改: 2024-09-25 19:35
actionview	CVE-2022-27777	中危	6.1.4.7	~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4	tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27777 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-26 17:15 修改: 2023-03-14 08:15
doorkeeper	CVE-2023-34246	中危	5.5.0.rc2	>= 5.6.6	Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34246 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-12 17:15 修改: 2024-12-09 05:15
uri	CVE-2023-36617	中危	0.10.0	~> 0.10.0.3, ~> 0.10.3, ~> 0.11.2, >= 0.12.2	rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36617 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-29 13:15 修改: 2024-05-04 03:15
view_component	CVE-2024-21636	中危	2.50.0	~> 2.83.0, >= 3.9.0	view_component Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21636 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-04 20:15 修改: 2024-01-10 15:45
fugit	CVE-2024-43380	中危	1.2.1	>= 1.11.1	fugit: Improper input validation in "natural" parser may lead to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43380 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-08-19 15:15 修改: 2024-08-21 12:38
yajl-ruby	CVE-2022-24795	中危	1.4.1	>= 1.4.2	yajl: heap-based buffer overflow when handling large inputs due to an integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-04-05 16:15 修改: 2023-11-07 03:44
actionmailer	CVE-2024-47889	低危	6.1.4.7	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionmailer: Possible ReDoS vulnerability in block_format in Action Mailer 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47889 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-16 21:15 修改: 2024-10-18 12:53
actionpack	CVE-2024-41128	低危	6.1.4.7	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41128 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-16 18:15 修改: 2024-10-18 12:53
actionpack	CVE-2024-41128	低危	6.1.4.7	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41128 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-16 18:15 修改: 2024-10-18 12:53
nokogiri	GHSA-r95h-9x8f-r3f7	低危	1.13.3	>= 1.16.5	Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 漏洞详情: https://github.com/advisories/GHSA-r95h-9x8f-r3f7 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-r95h-9x8f-r3f7	低危	1.13.3	>= 1.16.5	Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 漏洞详情: https://github.com/advisories/GHSA-r95h-9x8f-r3f7 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
actionpack	CVE-2024-47887	低危	6.1.4.7	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47887 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-16 20:15 修改: 2024-10-18 12:53
actionpack	CVE-2024-47887	低危	6.1.4.7	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47887 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-16 20:15 修改: 2024-10-18 12:53
actiontext	CVE-2024-47888	低危	6.1.4.7	~> 6.1.7.9, ~> 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	rubygem-actiontext: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47888 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-10-16 21:15 修改: 2024-10-18 12:53

home/git/gitlab-shell/bin/check (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:39

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20211112202133-69e39bad7dc2	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.11.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20211112202133-69e39bad7dc2	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20211112202133-69e39bad7dc2	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20211112202133-69e39bad7dc2	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20211112202133-69e39bad7dc2	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20211112202133-69e39bad7dc2	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

home/git/gitlab-shell/bin/gitlab-shell (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:39

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20211112202133-69e39bad7dc2	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.11.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20211112202133-69e39bad7dc2	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20211112202133-69e39bad7dc2	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20211112202133-69e39bad7dc2	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20211112202133-69e39bad7dc2	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20211112202133-69e39bad7dc2	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

home/git/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:39

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20211112202133-69e39bad7dc2	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.11.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20211112202133-69e39bad7dc2	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20211112202133-69e39bad7dc2	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20211112202133-69e39bad7dc2	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20211112202133-69e39bad7dc2	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20211112202133-69e39bad7dc2	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

home/git/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:39

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20211112202133-69e39bad7dc2	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.11.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20211112202133-69e39bad7dc2	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20211112202133-69e39bad7dc2	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20211112202133-69e39bad7dc2	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20211112202133-69e39bad7dc2	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20211112202133-69e39bad7dc2	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

home/git/gitlab-shell/bin/gitlab-sshd (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:39

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20211112202133-69e39bad7dc2	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.11.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20211112202133-69e39bad7dc2	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20211112202133-69e39bad7dc2	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20211112202133-69e39bad7dc2	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20211112202133-69e39bad7dc2	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20211112202133-69e39bad7dc2	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20211112202133-69e39bad7dc2	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly (gobinary)

低危漏洞:1

中危漏洞:29

高危漏洞:45

严重漏洞:6

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2023-49569	严重	v5.3.0	5.11.0	go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49569 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-12 11:15 修改: 2024-01-22 18:57
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.3.0	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210711020723-a769d52b0f97	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gopkg.in/yaml.v3	CVE-2022-28948	高危	v3.0.0-20200313102051-9f266ea9e77c	3.0.0-20220521103104-8f96da9f5d5e	golang-gopkg-yaml: crash when attempting to deserialize invalid input 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28948 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-19 20:15 修改: 2022-10-28 19:06
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.3.0	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
github.com/go-git/go-git/v5	CVE-2023-49568	高危	v5.3.0	5.11.0	go-git: Maliciously crafted Git server replies can cause DoS on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49568 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-12 11:15 修改: 2024-01-22 17:57
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210711020723-a769d52b0f97	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-backup (gobinary)

低危漏洞:1

中危漏洞:29

高危漏洞:42

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210711020723-a769d52b0f97	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210711020723-a769d52b0f97	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-blackbox (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:40

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-debug (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:40

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-git2go-v14 (gobinary)

低危漏洞:1

中危漏洞:29

高危漏洞:42

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210711020723-a769d52b0f97	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210711020723-a769d52b0f97	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-hooks (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:41

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gopkg.in/yaml.v3	CVE-2022-28948	高危	v3.0.0-20200313102051-9f266ea9e77c	3.0.0-20220521103104-8f96da9f5d5e	golang-gopkg-yaml: crash when attempting to deserialize invalid input 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28948 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-19 20:15 修改: 2022-10-28 19:06
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-lfs-smudge (gobinary)

低危漏洞:1

中危漏洞:29

高危漏洞:46

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/git-lfs/git-lfs	CVE-2020-27955	严重	v1.5.1-0.20210304194248-2e1d981afbe3	2.12.1	Git LFS can execute a Git binary from the current directory 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27955 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2020-11-05 15:15 修改: 2021-12-16 20:35
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210711020723-a769d52b0f97	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
github.com/git-lfs/git-lfs	CVE-2017-17831	高危	v1.5.1-0.20210304194248-2e1d981afbe3	2.1.1-0.20170519163204-f913f5f9c7c6	GitHub Git LFS Arbitrary command execution vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17831 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2017-12-21 06:29 修改: 2019-08-01 12:14
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gopkg.in/yaml.v3	CVE-2022-28948	高危	v3.0.0-20200313102051-9f266ea9e77c	3.0.0-20220521103104-8f96da9f5d5e	golang-gopkg-yaml: crash when attempting to deserialize invalid input 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28948 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-19 20:15 修改: 2022-10-28 19:06
github.com/git-lfs/git-lfs	CVE-2021-21237	高危	v1.5.1-0.20210304194248-2e1d981afbe3	2.13.2	Git LFS can execute a Git binary from the current directory on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21237 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-01-15 18:15 修改: 2021-01-29 22:18
github.com/git-lfs/git-lfs	CVE-2024-53263	高危	v1.5.1-0.20210304194248-2e1d981afbe3		git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53263 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-14 20:15 修改: 2025-01-14 20:15
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210711020723-a769d52b0f97	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-ssh (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:40

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitaly-wrapper (gobinary)

低危漏洞:1

中危漏洞:28

高危漏洞:40

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitlab-pages (gobinary)

低危漏洞:2

中危漏洞:29

高危漏洞:43

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20200622213623-75b288015ac9	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20200622213623-75b288015ac9	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210503060351-7fd8e65b6420	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210503060351-7fd8e65b6420	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210503060351-7fd8e65b6420	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210503060351-7fd8e65b6420	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210503060351-7fd8e65b6420	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.40.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.11.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/crypto	CVE-2020-29652	高危	v0.0.0-20200622213623-75b288015ac9	0.0.0-20201216223049-8b5274cf687f	golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29652 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2020-12-17 05:15 修改: 2023-11-07 03:21
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20200622213623-75b288015ac9	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20210806184541-e5e7981a1069	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20200622213623-75b288015ac9	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210503060351-7fd8e65b6420	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210503060351-7fd8e65b6420	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.40.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.27.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210503060351-7fd8e65b6420	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210503060351-7fd8e65b6420	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.1.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitlab-resize-image (gobinary)

低危漏洞:2

中危漏洞:24

高危漏洞:32

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/image	CVE-2024-24792	高危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/image	CVE-2023-29407	中危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.10.0	golang.org/x/image/tiff: excessive CPU consumption in decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29407 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
golang.org/x/image	CVE-2023-29408	中危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.10.0	golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29408 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
golang.org/x/image	CVE-2022-41727	中危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.5.0	golang.org/x/image: Uncontrolled Resource Consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41727 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/disintegration/imaging	CVE-2023-36308	低危	v1.6.2		disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-05 04:15 修改: 2024-08-02 17:16
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitlab-workhorse (gobinary)

低危漏洞:2

中危漏洞:32

高危漏洞:43

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210711020723-a769d52b0f97	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/image	CVE-2024-24792	高危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.18.0	Parsing a corrupt or malicious image with invalid color indices can ca ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-27 18:15 修改: 2024-08-01 13:47
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/image	CVE-2022-41727	中危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.5.0	golang.org/x/image: Uncontrolled Resource Consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41727 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
golang.org/x/image	CVE-2023-29407	中危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.10.0	golang.org/x/image/tiff: excessive CPU consumption in decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29407 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
golang.org/x/image	CVE-2023-29408	中危	v0.0.0-20191009234506-e7c1f5e7dbb8	0.10.0	golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29408 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:11
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210711020723-a769d52b0f97	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.0.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitlab-zip-cat (gobinary)

低危漏洞:1

中危漏洞:22

高危漏洞:31

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/gitlab-zip-metadata (gobinary)

低危漏洞:1

中危漏洞:22

高危漏洞:31

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

usr/local/bin/praefect (gobinary)

低危漏洞:1

中危漏洞:29

高危漏洞:48

严重漏洞:6

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2023-49569	严重	v5.3.0	5.11.0	go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49569 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-12 11:15 修改: 2024-01-22 18:57
github.com/go-git/go-git/v5	CVE-2025-21613	严重	v5.3.0	5.13.0	go-git: argument injection via the URL field 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
golang.org/x/crypto	CVE-2024-45337	严重	v0.0.0-20210711020723-a769d52b0f97	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
stdlib	CVE-2023-24538	严重	1.17.9	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.17.9	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
github.com/jackc/pgx/v4	CVE-2024-27304	高危	v4.14.1	4.18.2	pgx: SQL Injection via Protocol Message Size Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27304 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-06 19:15 修改: 2024-12-12 21:15
github.com/prometheus/client_golang	CVE-2022-21698	高危	v1.10.0	1.11.1	prometheus/client_golang: Denial of service using InstrumentHandlerCounter 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-02-15 16:15 修改: 2023-11-07 03:43
github.com/go-git/go-git/v5	CVE-2023-49568	高危	v5.3.0	5.11.0	go-git: Maliciously crafted Git server replies can cause DoS on go-git clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49568 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-01-12 11:15 修改: 2024-01-22 17:57
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20210711020723-a769d52b0f97	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20210505214959-0714010a04ed	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20210505214959-0714010a04ed	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20210505214959-0714010a04ed	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/net	CVE-2024-45338	高危	v0.0.0-20210505214959-0714010a04ed	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
golang.org/x/text	CVE-2021-38561	高危	v0.3.6	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.6	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.38.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gopkg.in/yaml.v3	CVE-2022-28948	高危	v3.0.0-20200313102051-9f266ea9e77c	3.0.0-20220521103104-8f96da9f5d5e	golang-gopkg-yaml: crash when attempting to deserialize invalid input 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28948 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-05-19 20:15 修改: 2022-10-28 19:06
github.com/go-git/go-git/v5	CVE-2025-21614	高危	v5.3.0	5.13.0	go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2025-01-06 17:15 修改: 2025-01-06 17:15
github.com/jackc/pgproto3/v2	GHSA-7jwh-3vrq-q3m8	高危	v2.2.0	2.3.3	pgproto3 SQL Injection via Protocol Message Size Overflow 漏洞详情: https://github.com/advisories/GHSA-7jwh-3vrq-q3m8 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/jackc/pgx/v4	CVE-2024-27289	高危	v4.14.1	4.18.2	pgx: SQL Injection via Line Comment Creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-06 19:15 修改: 2024-03-06 21:42
stdlib	CVE-2022-27664	高危	1.17.9	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.17.9	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.17.9	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.17.9	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.17.9	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.17.9	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.17.9	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.17.9	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.17.9	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.17.9	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.17.9	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.17.9	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.17.9	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.17.9	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.17.9	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.17.9	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.17.9	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.17.9	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.17.9	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-04-06 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-24539	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-11-29 12:15
stdlib	CVE-2023-29400	高危	1.17.9	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-05-11 16:15 修改: 2024-12-13 14:15
stdlib	CVE-2023-29403	高危	1.17.9	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	1.17.9	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.17.9	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.17.9	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.17.9	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.17.9	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20210711020723-a769d52b0f97	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20210505214959-0714010a04ed	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20210505214959-0714010a04ed	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
google.golang.org/grpc	CVE-2023-44487	中危	v1.38.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.26.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 17:35
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20210505214959-0714010a04ed	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-10-10 14:15 修改: 2024-12-20 17:40
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20210505214959-0714010a04ed	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20211102192858-4dd72447c267	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-1705	中危	1.17.9	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.17.9	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.17.9	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.17.9	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.17.9	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.17.9	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.17.9	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.17.9	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.17.9	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.17.9	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.17.9	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.17.9	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35
stdlib	CVE-2023-45290	中危	1.17.9	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35
stdlib	CVE-2024-24783	中危	1.17.9	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35
stdlib	CVE-2024-24784	中危	1.17.9	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.17.9	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.17.9	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.17.9	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.17.9	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
stdlib	CVE-2024-34158	中危	1.17.9	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.17.9	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:815f92cb1dd98cca447b304b3da7b13c178581b36633f5be112db82ce4f23c17 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47

/etc/ssh/ssh_host_ed25519_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/authority/ca.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/gitlab/middleware/handle_malformed_strings_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/client/client.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/controllers/projects/settings/operations_controller_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/clusters/sample_key.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/ssl_key.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ecdsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssl/private/ssl-cert-snakeoil.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitaly/ruby/spec/support/helpers/certs/gitalykey.pem ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/app/models/integrations/prometheus.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/gitlab/auth/ldap/config_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/models/integrations/prometheus_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/support/helpers/gpg_helpers.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/factories/pages_domains.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/features/projects/integrations/user_activates_slack_notifications_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/fixtures/x509_certificate_pk.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/config/secrets.yml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/lib/api/helpers/integrations_helpers.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/authority/ca.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/qa/tls_certificates/client/client.key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_rsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/home/git/gitlab/spec/lib/json_web_token/rsa_token_spec.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息