docker.io/shmilylty/oneforall:latest linux/amd64

docker.io/shmilylty/oneforall:latest - Trivy安全扫描结果 扫描时间: 2024-11-28 18:27
全部漏洞信息
低危漏洞:4 中危漏洞:16 高危漏洞:15 严重漏洞:1

系统OS: alpine 3.10.5 扫描引擎: Trivy 扫描时间: 2024-11-28 18:27

docker.io/shmilylty/oneforall:latest (alpine 3.10.5) (alpine)
低危漏洞:2 中危漏洞:8 高危漏洞:8 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
apk-tools CVE-2021-36159 严重 2.10.4-r2 2.10.7-r0 libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36159

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-08-03 14:15 修改: 2023-11-07 03:36
apk-tools CVE-2021-30139 高危 2.10.4-r2 2.10.6-r0

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30139

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-04-21 16:15 修改: 2021-04-22 18:21
busybox CVE-2021-28831 高危 1.30.1-r3 1.30.1-r5 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
krb5-libs CVE-2020-28196 高危 1.17-r0 1.17.2-r0 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28196

镜像层: sha256:e1c1f46b85cc05d2ca7a9f9cd0fcc863f796332abcb561fd6c35f39fc6cc4072

发布日期: 2020-11-06 08:15 修改: 2023-11-07 03:21
libcrypto1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libssl1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
ssl_client CVE-2021-28831 高危 1.30.1-r3 1.30.1-r5 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
libcrypto1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
binutils CVE-2021-3487 中危 2.32-r1 2.33.1-r1 binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3487

镜像层: sha256:0b769f8830c114163f2ceafc3781fb5eb864d83c595e3ff1d47f783a416a8ed9

发布日期: 2021-04-15 14:15 修改: 2023-11-20 05:15
libcrypto1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
musl-utils CVE-2020-28928 中危 1.1.22-r3 1.1.22-r4 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
libcrypto1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:1b3ee35aacca9866b01dd96e870136266bde18006ac2f0d6eb706c798d1fa3c3

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
Python (python-pkg)
低危漏洞:2 中危漏洞:8 高危漏洞:7 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
certifi CVE-2023-37920 高危 2022.6.15 2023.7.22 python-certifi: Removal of e-Tugra root certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37920

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2023-07-25 21:15 修改: 2023-08-12 06:16
future CVE-2022-40899 高危 0.18.2 0.18.3 python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40899

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2022-12-23 00:15 修改: 2023-01-23 18:57
pip CVE-2021-3572 高危 20.1.1 21.1 python-pip: Incorrect handling of unicode separators in git references

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3572

镜像层: sha256:4e633e2489a34740ac31195babdd884e9f9eb3fab340c53af87b25e31643f344

发布日期: 2021-11-10 18:15 修改: 2024-06-21 19:15
setuptools CVE-2022-40897 高危 46.4.0 65.5.1 pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:4e633e2489a34740ac31195babdd884e9f9eb3fab340c53af87b25e31643f344

发布日期: 2022-12-23 00:15 修改: 2024-10-29 15:35
setuptools CVE-2024-6345 高危 46.4.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:4e633e2489a34740ac31195babdd884e9f9eb3fab340c53af87b25e31643f344

发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
urllib3 CVE-2023-43804 高危 1.26.9 2.0.6, 1.26.17 python-urllib3: Cookie request header isn't stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43804

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2023-10-04 17:15 修改: 2024-02-01 00:55
wheel CVE-2022-40898 高危 0.34.2 0.38.1 python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40898

镜像层: sha256:4e633e2489a34740ac31195babdd884e9f9eb3fab340c53af87b25e31643f344

发布日期: 2022-12-23 00:15 修改: 2022-12-30 22:15
requests CVE-2023-32681 中危 2.28.1 2.31.0 python-requests: Unintended leak of Proxy-Authorization header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32681

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2023-05-26 18:15 修改: 2023-09-17 09:15
requests CVE-2024-35195 中危 2.28.1 2.32.0 requests: subsequent requests to the same host ignore cert verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2024-05-20 21:15 修改: 2024-06-10 17:16
certifi CVE-2022-23491 中危 2022.6.15 2022.12.07 python-certifi: untrusted root certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23491

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2022-12-07 22:15 修改: 2023-03-24 18:12
idna CVE-2024-3651 中危 3.3 3.7 python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3651

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2024-07-07 18:15 修改: 2024-07-11 14:58
dnspython CVE-2023-29483 中危 2.2.1 2.6.1 dnspython: denial of service in stub resolver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29483

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2024-04-11 14:15 修改: 2024-08-27 19:35
urllib3 CVE-2023-45803 中危 1.26.9 2.0.7, 1.26.18 urllib3: Request body not stripped after redirect from 303 status changes request method to GET

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45803

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2023-10-17 20:15 修改: 2023-11-03 22:15
urllib3 CVE-2024-37891 中危 1.26.9 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
pip CVE-2023-5752 中危 20.1.1 23.3 pip: Mercurial configuration injectable in repo revision when installing via pip

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752

镜像层: sha256:4e633e2489a34740ac31195babdd884e9f9eb3fab340c53af87b25e31643f344

发布日期: 2023-10-25 18:17 修改: 2024-06-10 18:15
certifi CVE-2024-39689 低危 2022.6.15 2024.07.04 python-certifi: Remove root certificates from `GLOBALTRUST` from the root store

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39689

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2024-07-05 19:15 修改: 2024-07-08 15:49
tqdm CVE-2024-34062 低危 4.64.0 4.66.3 python-tqdm: non-boolean CLI arguments may lead to local code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34062

镜像层: sha256:6077b0860508013cc8d49f278ec84969436479fd1d30a2be532a851f1aead8bf

发布日期: 2024-05-03 10:15 修改: 2024-06-10 17:16