quay.io/devtron/k8s-sidecar:1.1.0 linux/amd64

quay.io/devtron/k8s-sidecar:1.1.0 - Trivy安全扫描结果 扫描时间: 2024-12-27 19:08
全部漏洞信息
低危漏洞:2 中危漏洞:24 高危漏洞:52 严重漏洞:12

系统OS: alpine 3.12.0 扫描引擎: Trivy 扫描时间: 2024-12-27 19:08

quay.io/devtron/k8s-sidecar:1.1.0 (alpine 3.12.0) (alpine)
低危漏洞:2 中危漏洞:17 高危漏洞:44 严重漏洞:11
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
apk-tools CVE-2021-36159 严重 2.10.5-r1 2.10.7-r0 libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36159

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-03 14:15 修改: 2023-11-07 03:36
expat CVE-2022-22822 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in addBinding in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22822

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-10 14:12 修改: 2022-10-06 15:29
expat CVE-2022-22823 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in build_model in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22823

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-22824 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in defineAttribute in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22824

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-23852 严重 2.2.9-r1 2.2.10-r1 expat: Integer overflow in function XML_GetBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23852

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-24 02:15 修改: 2022-10-29 02:44
expat CVE-2022-25235 严重 2.2.9-r1 2.2.10-r2 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25235

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-02-16 01:15 修改: 2023-11-07 03:44
expat CVE-2022-25236 严重 2.2.9-r1 2.2.10-r2 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25236

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-02-16 01:15 修改: 2023-11-07 03:44
expat CVE-2022-25315 严重 2.2.9-r1 2.2.10-r2 expat: Integer overflow in storeRawNames()

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25315

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
libcrypto1.1 CVE-2021-3711 严重 1.1.1g-r0 1.1.1l-r0 openssl: SM2 Decryption Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3711 严重 1.1.1g-r0 1.1.1l-r0 openssl: SM2 Decryption Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
zlib CVE-2022-37434 严重 1.2.11-r3 1.2.12-r2 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-08-05 07:15 修改: 2023-07-19 00:56
busybox CVE-2021-42386 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2022-28391 高危 1.31.1-r16 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
apk-tools CVE-2021-30139 高危 2.10.5-r1 2.10.6-r0

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30139

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-04-21 16:15 修改: 2021-04-22 18:21
busybox CVE-2021-28831 高危 1.31.1-r16 1.31.1-r20 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
busybox CVE-2021-42378 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42379 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42380 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42381 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42382 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
expat CVE-2021-45960 高危 2.2.9-r1 2.2.10-r0 expat: Large number of prefixed XML attributes on a single tag can crash libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45960

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-01 19:15 修改: 2022-10-06 19:08
expat CVE-2021-46143 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in doProlog in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46143

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-06 04:15 修改: 2022-10-06 19:11
expat CVE-2022-22825 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in lookup in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22825

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-22826 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in nextScaffoldPart in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22826

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-10 14:12 修改: 2022-10-06 12:44
expat CVE-2022-22827 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in storeAtts in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22827

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-10 14:12 修改: 2022-10-06 12:52
expat CVE-2022-23990 高危 2.2.9-r1 2.2.10-r1 expat: integer overflow in the doProlog function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23990

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-01-26 19:15 修改: 2023-11-07 03:44
expat CVE-2022-25314 高危 2.2.9-r1 2.2.10-r2 expat: Integer overflow in copyString()

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25314

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
krb5-libs CVE-2020-28196 高危 1.18.2-r0 1.18.3-r0 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28196

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2020-11-06 08:15 修改: 2023-11-07 03:21
krb5-libs CVE-2021-36222 高危 1.18.2-r0 1.18.4-r0 krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36222

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2021-07-22 18:15 修改: 2021-11-28 23:19
busybox CVE-2021-42383 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libcrypto1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libcrypto1.1 CVE-2021-3712 高危 1.1.1g-r0 1.1.1l-r0 openssl: Read buffer overruns processing ASN.1 strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2022-0778 高危 1.1.1g-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
busybox CVE-2021-42384 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libssl1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libssl1.1 CVE-2021-3712 高危 1.1.1g-r0 1.1.1l-r0 openssl: Read buffer overruns processing ASN.1 strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2022-0778 高危 1.1.1g-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
ncurses-libs CVE-2021-39537 高危 6.2_p20200523-r0 6.2_p20200523-r1 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
ncurses-terminfo-base CVE-2021-39537 高危 6.2_p20200523-r0 6.2_p20200523-r1 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
ssl_client CVE-2021-28831 高危 1.31.1-r16 1.31.1-r20 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
ssl_client CVE-2021-42378 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42379 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42380 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42381 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42382 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42383 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42384 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42385 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42386 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2022-28391 高危 1.31.1-r16 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
xz-libs CVE-2022-1271 高危 5.2.5-r0 5.2.5-r1 gzip: arbitrary-file-write vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1271

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-08-31 16:15 修改: 2024-08-26 10:47
busybox CVE-2021-42385 高危 1.31.1-r16 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
zlib CVE-2018-25032 高危 1.2.11-r3 1.2.12-r0 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
sqlite-libs CVE-2020-15358 中危 3.32.1-r0 3.32.1-r1 sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15358

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2020-06-27 12:15 修改: 2022-05-12 15:01
sqlite-libs CVE-2021-20227 中危 3.32.1-r0 3.32.1-r1 sqlite: potential use-after-free bug when processing a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20227

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2021-03-23 17:15 修改: 2022-11-16 18:58
busybox CVE-2021-42374 中危 1.31.1-r16 1.31.1-r21 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
expat CVE-2022-25313 中危 2.2.9-r1 2.2.10-r2 expat: Stack exhaustion in doctype parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25313

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
libcrypto1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
libuuid CVE-2021-3995 中危 2.35.2-r0 2.37.3-r0 util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3995

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-08-23 20:15 修改: 2024-01-07 09:15
libuuid CVE-2021-3996 中危 2.35.2-r0 2.37.3-r0 util-linux: Unauthorized unmount of filesystems in libmount

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3996

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-08-23 20:15 修改: 2024-10-15 16:35
libuuid CVE-2022-0563 中危 2.35.2-r0 2.37.4-r0 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2022-02-21 19:15 修改: 2024-01-07 09:15
musl CVE-2020-28928 中危 1.1.24-r9 1.1.24-r10 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
ssl_client CVE-2021-42374 中危 1.31.1-r16 1.31.1-r21 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
musl-utils CVE-2020-28928 中危 1.1.24-r8 1.1.24-r10 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
libcrypto1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
krb5-libs CVE-2021-37750 中危 1.18.2-r0 1.18.5-r0 krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37750

镜像层: sha256:cfd52085ef94773f142e42415e39eb975133e03269fc0a7f03001d55ddabbab0

发布日期: 2021-08-23 05:15 修改: 2023-11-07 03:37
libcrypto1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
Python (python-pkg)
低危漏洞:0 中危漏洞:7 高危漏洞:8 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
PyYAML CVE-2020-14343 严重 5.3.1 5.4 PyYAML: incomplete fix for CVE-2020-1747

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14343

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2021-02-09 21:15 修改: 2023-07-06 18:15
certifi CVE-2023-37920 高危 2020.6.20 2023.7.22 python-certifi: Removal of e-Tugra root certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37920

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2023-07-25 21:15 修改: 2023-08-12 06:16
pip CVE-2021-3572 高危 20.2.3 21.1 python-pip: Incorrect handling of unicode separators in git references

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3572

镜像层: sha256:22ee430ae506ec901fe175b712925a5ddcb63190f4587ddef46869964027ed2f

发布日期: 2021-11-10 18:15 修改: 2024-06-21 19:15
rsa CVE-2020-25658 高危 4.6 4.7 python-rsa: bleichenbacher timing oracle attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25658

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2020-11-12 14:15 修改: 2023-02-12 23:40
setuptools CVE-2022-40897 高危 50.3.0 65.5.1 pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:22ee430ae506ec901fe175b712925a5ddcb63190f4587ddef46869964027ed2f

发布日期: 2022-12-23 00:15 修改: 2024-10-29 15:35
setuptools CVE-2024-6345 高危 50.3.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:22ee430ae506ec901fe175b712925a5ddcb63190f4587ddef46869964027ed2f

发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
urllib3 CVE-2021-33503 高危 1.25.10 1.26.5 python-urllib3: ReDoS in the parsing of authority part of URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33503

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2021-06-29 11:15 修改: 2023-11-07 03:35
urllib3 CVE-2023-43804 高危 1.25.10 2.0.6, 1.26.17 python-urllib3: Cookie request header isn't stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43804

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2023-10-04 17:15 修改: 2024-12-13 14:15
wheel CVE-2022-40898 高危 0.35.1 0.38.1 python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40898

镜像层: sha256:22ee430ae506ec901fe175b712925a5ddcb63190f4587ddef46869964027ed2f

发布日期: 2022-12-23 00:15 修改: 2022-12-30 22:15
certifi CVE-2022-23491 中危 2020.6.20 2022.12.07 python-certifi: untrusted root certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23491

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2022-12-07 22:15 修改: 2023-03-24 18:12
pip CVE-2023-5752 中危 20.2.3 23.3 pip: Mercurial configuration injectable in repo revision when installing via pip

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752

镜像层: sha256:22ee430ae506ec901fe175b712925a5ddcb63190f4587ddef46869964027ed2f

发布日期: 2023-10-25 18:17 修改: 2024-06-10 18:15
requests CVE-2023-32681 中危 2.24.0 2.31.0 python-requests: Unintended leak of Proxy-Authorization header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32681

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2023-05-26 18:15 修改: 2023-09-17 09:15
requests CVE-2024-35195 中危 2.24.0 2.32.0 requests: subsequent requests to the same host ignore cert verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2024-05-20 21:15 修改: 2024-06-10 17:16
urllib3 CVE-2023-45803 中危 1.25.10 2.0.7, 1.26.18 urllib3: Request body not stripped after redirect from 303 status changes request method to GET

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45803

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2023-10-17 20:15 修改: 2023-11-03 22:15
urllib3 CVE-2024-37891 中危 1.25.10 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
idna CVE-2024-3651 中危 2.10 3.7 python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3651

镜像层: sha256:c807d233eb756e0b7212df3d7faaa91959b5fcfdcd0d05ca60759504fe4df1b7

发布日期: 2024-07-07 18:15 修改: 2024-07-11 14:58