RocketChat / Docker.Official.Image

Docker hub - community managed image

Potential security issues #136

Closed emikolajczak closed 3 years ago

emikolajczak commented 3 years ago

Hi, we have scanned the official Rocket.Chat Docker image (3.9.7) with the Dockle and Trivy audit tools. Below you can find the results. Could you check and, if it is possible (an issue), fix these alerts?

Dockle:

dockle rocketchat/rocket.chat:3.9.7
FATAL   - CIS-DI-0009: Use COPY instead of ADD in Dockerfile
        * Use COPY : /bin/sh -c #(nop) ADD dir:1bff38a2c35b62ea8aeb85837ba8ee4d4b5520aafb3ee25e8f33ed741d2d8121 in /app
FATAL   - DKL-DI-0005: Clear apt-get caches
        * Use 'rm -rf /var/lib/apt/lists' after 'apt-get install' : /bin/sh -c groupadd -g 65533 -r rocketchat     && useradd -u 65533 -r -g rocketchat rocketchat     && mkdir -p /app/uploads     && chown rocketchat:rocketchat /app/uploads     && apt-get update     && apt-get install -y --no-install-recommends fontconfig
        * Use 'rm -rf /var/lib/apt/lists' after 'apt-get install' : /bin/sh -c aptMark="$(apt-mark showmanual)"     && apt-get install -y --no-install-recommends g++ make python ca-certificates     && cd /app/bundle/programs/server     && npm install     && apt-mark auto '.*' > /dev/null     && apt-mark manual $aptMark > /dev/null     && find /usr/local -type f -executable -exec ldd '{}' ';'        | awk '/=>/ { print $(NF-1) }'        | sort -u        | xargs -r dpkg-query --search        | cut -d: -f1        | sort -u        | xargs -r apt-mark manual     && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false     && npm cache clear --force     && chown -R rocketchat:rocketchat /app
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
INFO    - CIS-DI-0006: Add HEALTHCHECK instruction to the container image
        * not found HEALTHCHECK statement
INFO    - CIS-DI-0008: Confirm safety of setuid/setgid files
        * setuid file: urwxr-xr-x usr/bin/gpasswd
        * setgid file: grwxr-xr-x usr/bin/wall
        * setuid file: urwxr-xr-x usr/bin/passwd
        * setgid file: grwxr-xr-x usr/bin/expiry
        * setuid file: urwxr-xr-x usr/bin/chsh
        * setgid file: grwxr-xr-x sbin/unix_chkpwd
        * setuid file: urwxr-xr-x bin/su
        * setuid file: urwxr-xr-x usr/bin/chfn
        * setuid file: urwxr-xr-x usr/bin/newgrp
        * setuid file: urwxr-xr-x bin/mount
        * setgid file: grwxr-xr-x usr/bin/chage
        * setuid file: urwxr-xr-x bin/umount
INFO    - DKL-LI-0003: Only put necessary files
        * unnecessary file : app/Dockerfile
        * Suspicious directory : root/.npm

Trivy:

2021-03-05T08:11:37.657+0100    INFO   Detecting Debian vulnerabilities...
2021-03-05T08:11:37.663+0100    INFO   Trivy skips scanning programming language libraries because no supported file was detected

rocketchat/rocket.chat:3.9.7 (debian 10.5)
==========================================
Total: 102 (UNKNOWN: 0, LOW: 69, MEDIUM: 13, HIGH: 20, CRITICAL: 0)

+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
|    LIBRARY     |  VULNERABILITY ID   | SEVERITY | INSTALLED VERSION |    FIXED VERSION     |                           TITLE                            |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| apt            | CVE-2020-27350      | MEDIUM   | 1.8.2.1           | 1.8.2.2              | APT had several integer                                    |
|                |                     |          |                   |                      | overflows and underflows while                             |
|                |                     |          |                   |                      | parsing .deb packages, aka...                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-27350                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2011-3374       | LOW      |                   |                      | It was found that apt-key in apt,                          |
|                |                     |          |                   |                      | all versions, do not correctly...                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2011-3374                       |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| bash           | CVE-2019-18276      |          | 5.0-4             |                      | bash: when effective UID is not                            |
|                |                     |          |                   |                      | equal to its real UID the...                               |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-18276                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | TEMP-0841856-B18BAF |          |                   |                      | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| coreutils      | CVE-2016-2781       |          | 8.30-3            |                      | coreutils: Non-privileged                                  |
|                |                     |          |                   |                      | session can escape to the                                  |
|                |                     |          |                   |                      | parent session in chroot                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2016-2781                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2017-18018      |          |                   |                      | coreutils: race condition                                  |
|                |                     |          |                   |                      | vulnerability in chown and chgrp                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2017-18018                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| gcc-8-base     | CVE-2018-12886      | HIGH     | 8.3.0-6           |                      | gcc: spilling of stack                                     |
|                |                     |          |                   |                      | protection address in cfgexpand.c                          |
|                |                     |          |                   |                      | and function.c leads to...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-12886                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-15847      |          |                   |                      | gcc: POWER9 "DARN" RNG intrinsic                           |
|                |                     |          |                   |                      | produces repeated output                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-15847                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| gpgv           | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1  |                      | gnupg2: OpenPGP Key Certification                          |
|                |                     |          |                   |                      | Forgeries with SHA-1                                       |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-14855                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libapt-pkg5.0  | CVE-2020-27350      | MEDIUM   | 1.8.2.1           | 1.8.2.2              | APT had several integer                                    |
|                |                     |          |                   |                      | overflows and underflows while                             |
|                |                     |          |                   |                      | parsing .deb packages, aka...                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-27350                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2011-3374       | LOW      |                   |                      | It was found that apt-key in apt,                          |
|                |                     |          |                   |                      | all versions, do not correctly...                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2011-3374                       |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libc-bin       | CVE-2020-1751       | HIGH     | 2.28-10           |                      | glibc: array overflow in                                   |
|                |                     |          |                   |                      | backtrace functions for powerpc                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-1751                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-1752       |          |                   |                      | glibc: use-after-free in glob()                            |
|                |                     |          |                   |                      | function when expanding ~user                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-1752                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2021-3326       |          |                   |                      | glibc: Assertion failure in                                |
|                |                     |          |                   |                      | ISO-2022-JP-3 gconv module                                 |
|                |                     |          |                   |                      | related to combining characters                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-3326                       |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-25013      | MEDIUM   |                   |                      | glibc: buffer over-read in                                 |
|                |                     |          |                   |                      | iconv when processing invalid                              |
|                |                     |          |                   |                      | multi-byte input sequences in...                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-25013                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-10029      |          |                   |                      | glibc: stack corruption                                    |
|                |                     |          |                   |                      | from crafted input in cosl,                                |
|                |                     |          |                   |                      | sinl, sincosl, and tanl...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-10029                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-27618      |          |                   |                      | glibc: iconv when processing                               |
|                |                     |          |                   |                      | invalid multi-byte input                                   |
|                |                     |          |                   |                      | sequences fails to advance the...                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-27618                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2010-4051       | LOW      |                   |                      | CVE-2010-4052 glibc: De-recursivise                        |
|                |                     |          |                   |                      | regular expression engine                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2010-4051                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2010-4052       |          |                   |                      | CVE-2010-4051 CVE-2010-4052                                |
|                |                     |          |                   |                      | glibc: De-recursivise                                      |
|                |                     |          |                   |                      | regular expression engine                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2010-4052                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2010-4756       |          |                   |                      | glibc: glob implementation                                 |
|                |                     |          |                   |                      | can cause excessive CPU and                                |
|                |                     |          |                   |                      | memory consumption due to...                               |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2010-4756                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2016-10228      |          |                   |                      | glibc: iconv program can hang                              |
|                |                     |          |                   |                      | when invoked with the -c option                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2016-10228                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2018-20796      |          |                   |                      | glibc: uncontrolled recursion in                           |
|                |                     |          |                   |                      | function check_dst_limits_calc_pos_1                       |
|                |                     |          |                   |                      | in posix/regexec.c                                         |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-20796                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010022    |          |                   |                      | glibc: stack guard protection bypass                       |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010022                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010023    |          |                   |                      | glibc: running ldd on malicious ELF                        |
|                |                     |          |                   |                      | leads to code execution because of...                      |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010023                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010024    |          |                   |                      | glibc: ASLR bypass using                                   |
|                |                     |          |                   |                      | cache of thread stack and heap                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010024                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010025    |          |                   |                      | glibc: information disclosure of heap                      |
|                |                     |          |                   |                      | addresses of pthread_created thread                        |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010025                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-19126      |          |                   |                      | glibc: LD_PREFER_MAP_32BIT_EXEC                            |
|                |                     |          |                   |                      | not ignored in setuid binaries                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-19126                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-9192       |          |                   |                      | glibc: uncontrolled recursion in                           |
|                |                     |          |                   |                      | function check_dst_limits_calc_pos_1                       |
|                |                     |          |                   |                      | in posix/regexec.c                                         |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-9192                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-6096       |          |                   |                      | glibc: signed comparison                                   |
|                |                     |          |                   |                      | vulnerability in the                                       |
|                |                     |          |                   |                      | ARMv7 memcpy function                                      |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-6096                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2021-27645      |          |                   |                      | glibc: Use-after-free in                                   |
|                |                     |          |                   |                      | addgetnetgrentX function                                   |
|                |                     |          |                   |                      | in netgroupcache.c                                         |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-27645                      |
+----------------+---------------------+----------+                   +----------------------+------------------------------------------------------------+
| libc6          | CVE-2020-1751       | HIGH     |                   |                      | glibc: array overflow in                                   |
|                |                     |          |                   |                      | backtrace functions for powerpc                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-1751                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-1752       |          |                   |                      | glibc: use-after-free in glob()                            |
|                |                     |          |                   |                      | function when expanding ~user                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-1752                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2021-3326       |          |                   |                      | glibc: Assertion failure in                                |
|                |                     |          |                   |                      | ISO-2022-JP-3 gconv module                                 |
|                |                     |          |                   |                      | related to combining characters                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-3326                       |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-25013      | MEDIUM   |                   |                      | glibc: buffer over-read in                                 |
|                |                     |          |                   |                      | iconv when processing invalid                              |
|                |                     |          |                   |                      | multi-byte input sequences in...                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-25013                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-10029      |          |                   |                      | glibc: stack corruption                                    |
|                |                     |          |                   |                      | from crafted input in cosl,                                |
|                |                     |          |                   |                      | sinl, sincosl, and tanl...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-10029                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-27618      |          |                   |                      | glibc: iconv when processing                               |
|                |                     |          |                   |                      | invalid multi-byte input                                   |
|                |                     |          |                   |                      | sequences fails to advance the...                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-27618                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2010-4051       | LOW      |                   |                      | CVE-2010-4052 glibc: De-recursivise                        |
|                |                     |          |                   |                      | regular expression engine                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2010-4051                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2010-4052       |          |                   |                      | CVE-2010-4051 CVE-2010-4052                                |
|                |                     |          |                   |                      | glibc: De-recursivise                                      |
|                |                     |          |                   |                      | regular expression engine                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2010-4052                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2010-4756       |          |                   |                      | glibc: glob implementation                                 |
|                |                     |          |                   |                      | can cause excessive CPU and                                |
|                |                     |          |                   |                      | memory consumption due to...                               |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2010-4756                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2016-10228      |          |                   |                      | glibc: iconv program can hang                              |
|                |                     |          |                   |                      | when invoked with the -c option                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2016-10228                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2018-20796      |          |                   |                      | glibc: uncontrolled recursion in                           |
|                |                     |          |                   |                      | function check_dst_limits_calc_pos_1                       |
|                |                     |          |                   |                      | in posix/regexec.c                                         |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-20796                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010022    |          |                   |                      | glibc: stack guard protection bypass                       |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010022                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010023    |          |                   |                      | glibc: running ldd on malicious ELF                        |
|                |                     |          |                   |                      | leads to code execution because of...                      |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010023                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010024    |          |                   |                      | glibc: ASLR bypass using                                   |
|                |                     |          |                   |                      | cache of thread stack and heap                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010024                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-1010025    |          |                   |                      | glibc: information disclosure of heap                      |
|                |                     |          |                   |                      | addresses of pthread_created thread                        |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-1010025                    |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-19126      |          |                   |                      | glibc: LD_PREFER_MAP_32BIT_EXEC                            |
|                |                     |          |                   |                      | not ignored in setuid binaries                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-19126                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-9192       |          |                   |                      | glibc: uncontrolled recursion in                           |
|                |                     |          |                   |                      | function check_dst_limits_calc_pos_1                       |
|                |                     |          |                   |                      | in posix/regexec.c                                         |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-9192                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-6096       |          |                   |                      | glibc: signed comparison                                   |
|                |                     |          |                   |                      | vulnerability in the                                       |
|                |                     |          |                   |                      | ARMv7 memcpy function                                      |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-6096                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2021-27645      |          |                   |                      | glibc: Use-after-free in                                   |
|                |                     |          |                   |                      | addgetnetgrentX function                                   |
|                |                     |          |                   |                      | in netgroupcache.c                                         |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-27645                      |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| libexpat1      | CVE-2013-0340       |          | 2.2.6-2+deb10u1   |                      | expat: internal entity expansion                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2013-0340                       |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libgcc1        | CVE-2018-12886      | HIGH     | 8.3.0-6           |                      | gcc: spilling of stack                                     |
|                |                     |          |                   |                      | protection address in cfgexpand.c                          |
|                |                     |          |                   |                      | and function.c leads to...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-12886                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-15847      |          |                   |                      | gcc: POWER9 "DARN" RNG intrinsic                           |
|                |                     |          |                   |                      | produces repeated output                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-15847                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libgcrypt20    | CVE-2019-13627      | MEDIUM   | 1.8.4-5           |                      | libgcrypt: ECDSA timing attack                             |
|                |                     |          |                   |                      | allowing private key leak                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-13627                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2018-6829       | LOW      |                   |                      | libgcrypt: ElGamal implementation                          |
|                |                     |          |                   |                      | doesn't have semantic security due                         |
|                |                     |          |                   |                      | to incorrectly encoded plaintexts...                       |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-6829                       |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libgnutls30    | CVE-2020-24659      | HIGH     | 3.6.7-4+deb10u5   |                      | gnutls: Heap buffer                                        |
|                |                     |          |                   |                      | overflow in handshake with                                 |
|                |                     |          |                   |                      | no_renegotiation alert sent                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-24659                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2011-3389       | LOW      |                   |                      | HTTPS: block-wise chosen-plaintext                         |
|                |                     |          |                   |                      | attack against SSL/TLS (BEAST)                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2011-3389                       |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libidn2-0      | CVE-2019-12290      | HIGH     | 2.0.5-1+deb10u1   |                      | GNU libidn2 before 2.2.0                                   |
|                |                     |          |                   |                      | fails to perform the roundtrip                             |
|                |                     |          |                   |                      | checks specified in...                                     |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-12290                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| liblz4-1       | CVE-2019-17543      | LOW      | 1.8.3-1           |                      | lz4: heap-based buffer                                     |
|                |                     |          |                   |                      | overflow in LZ4_write32                                    |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-17543                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libp11-kit0    | CVE-2020-29361      | HIGH     | 0.23.15-2         | 0.23.15-2+deb10u1    | p11-kit: integer overflow when                             |
|                |                     |          |                   |                      | allocating memory for arrays                               |
|                |                     |          |                   |                      | or attributes and object...                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-29361                      |
+                +---------------------+          +                   +                      +------------------------------------------------------------+
|                | CVE-2020-29363      |          |                   |                      | p11-kit: out-of-bounds write in                            |
|                |                     |          |                   |                      | p11_rpc_buffer_get_byte_array_value                        |
|                |                     |          |                   |                      | function in rpc-message.c                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-29363                      |
+                +---------------------+----------+                   +                      +------------------------------------------------------------+
|                | CVE-2020-29362      | MEDIUM   |                   |                      | p11-kit: out-of-bounds read in                             |
|                |                     |          |                   |                      | p11_rpc_buffer_get_byte_array                              |
|                |                     |          |                   |                      | function in rpc-message.c                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-29362                      |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| libpcre3       | CVE-2020-14155      |          | 2:8.39-12         |                      | pcre: integer overflow in libpcre                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-14155                      |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2017-11164      | LOW      |                   |                      | pcre: OP_KETRMAX feature in the                            |
|                |                     |          |                   |                      | match function in pcre_exec.c                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2017-11164                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2017-16231      |          |                   |                      | pcre: self-recursive call                                  |
|                |                     |          |                   |                      | in match() in pcre_exec.c                                  |
|                |                     |          |                   |                      | leads to denial of service...                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2017-16231                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2017-7245       |          |                   |                      | pcre: stack-based buffer overflow                          |
|                |                     |          |                   |                      | write in pcre32_copy_substring                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2017-7245                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2017-7246       |          |                   |                      | pcre: stack-based buffer overflow                          |
|                |                     |          |                   |                      | write in pcre32_copy_substring                             |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2017-7246                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-20838      |          |                   |                      | pcre: buffer over-read in                                  |
|                |                     |          |                   |                      | JIT when UTF is disabled                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-20838                      |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| libpng16-16    | CVE-2018-14048      |          | 1.6.36-6          |                      | libpng: Segmentation fault in                              |
|                |                     |          |                   |                      | png.c:png_free_data function                               |
|                |                     |          |                   |                      | causing denial of service                                  |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-14048                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2018-14550      |          |                   |                      | libpng: Stack-based buffer overflow in                     |
|                |                     |          |                   |                      | contrib/pngminus/pnm2png.c:get_token()                     |
|                |                     |          |                   |                      | potentially leading to                                     |
|                |                     |          |                   |                      | arbitrary code execution...                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-14550                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-6129       |          |                   |                      | libpng: memory leak of                                     |
|                |                     |          |                   |                      | png_info struct in pngcp.c                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-6129                       |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| libseccomp2    | CVE-2019-9893       |          | 2.3.3-4           |                      | libseccomp: incorrect generation                           |
|                |                     |          |                   |                      | of syscall filters in libseccomp                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-9893                       |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libstdc++6     | CVE-2018-12886      | HIGH     | 8.3.0-6           |                      | gcc: spilling of stack                                     |
|                |                     |          |                   |                      | protection address in cfgexpand.c                          |
|                |                     |          |                   |                      | and function.c leads to...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-12886                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-15847      |          |                   |                      | gcc: POWER9 "DARN" RNG intrinsic                           |
|                |                     |          |                   |                      | produces repeated output                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-15847                      |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| libsystemd0    | CVE-2019-3843       |          | 241-7~deb10u4     |                      | systemd: services with DynamicUser                         |
|                |                     |          |                   |                      | can create SUID/SGID binaries                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-3843                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-3844       |          |                   |                      | systemd: services with DynamicUser                         |
|                |                     |          |                   |                      | can get new privileges and                                 |
|                |                     |          |                   |                      | create SGID binaries...                                    |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-3844                       |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2013-4392       | LOW      |                   |                      | systemd: TOCTOU race condition                             |
|                |                     |          |                   |                      | when updating file permissions                             |
|                |                     |          |                   |                      | and SELinux security contexts...                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2013-4392                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-20386      |          |                   |                      | systemd: memory leak in button_open()                      |
|                |                     |          |                   |                      | in login/logind-button.c when                              |
|                |                     |          |                   |                      | udev events are received...                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-20386                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-13776      |          |                   |                      | systemd: mishandles numerical                              |
|                |                     |          |                   |                      | usernames beginning with decimal                           |
|                |                     |          |                   |                      | digits or 0x followed by...                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-13776                      |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| libtasn1-6     | CVE-2018-1000654    |          | 4.13-3            |                      | libtasn1: Infinite loop in                                 |
|                |                     |          |                   |                      | _asn1_expand_object_id(ptree)                              |
|                |                     |          |                   |                      | leads to memory exhaustion                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-1000654                    |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libudev1       | CVE-2019-3843       | HIGH     | 241-7~deb10u4     |                      | systemd: services with DynamicUser                         |
|                |                     |          |                   |                      | can create SUID/SGID binaries                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-3843                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-3844       |          |                   |                      | systemd: services with DynamicUser                         |
|                |                     |          |                   |                      | can get new privileges and                                 |
|                |                     |          |                   |                      | create SGID binaries...                                    |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-3844                       |
+                +---------------------+----------+                   +----------------------+------------------------------------------------------------+
|                | CVE-2013-4392       | LOW      |                   |                      | systemd: TOCTOU race condition                             |
|                |                     |          |                   |                      | when updating file permissions                             |
|                |                     |          |                   |                      | and SELinux security contexts...                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2013-4392                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-20386      |          |                   |                      | systemd: memory leak in button_open()                      |
|                |                     |          |                   |                      | in login/logind-button.c when                              |
|                |                     |          |                   |                      | udev events are received...                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-20386                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2020-13776      |          |                   |                      | systemd: mishandles numerical                              |
|                |                     |          |                   |                      | usernames beginning with decimal                           |
|                |                     |          |                   |                      | digits or 0x followed by...                                |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2020-13776                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| libzstd1       | CVE-2021-24031      | MEDIUM   | 1.3.8+dfsg-3      | 1.3.8+dfsg-3+deb10u1 | zstd: adds read permissions                                |
|                |                     |          |                   |                      | to files while being                                       |
|                |                     |          |                   |                      | compressed or uncompressed                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-24031                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2021-24032      |          |                   | 1.3.8+dfsg-3+deb10u2 | zstd: Race condition                                       |
|                |                     |          |                   |                      | allows attacker to access                                  |
|                |                     |          |                   |                      | world-readable destination file                            |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-24032                      |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+
| login          | CVE-2007-5686       | LOW      | 1:4.5-1.1         |                      | initscripts in rPath Linux 1                               |
|                |                     |          |                   |                      | sets insecure permissions for                              |
|                |                     |          |                   |                      | the /var/log/btmp file,...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2007-5686                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2013-4235       |          |                   |                      | shadow-utils: TOCTOU race                                  |
|                |                     |          |                   |                      | conditions by copying and                                  |
|                |                     |          |                   |                      | removing directory trees                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2013-4235                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2018-7169       |          |                   |                      | shadow-utils: newgidmap                                    |
|                |                     |          |                   |                      | allows unprivileged user to                                |
|                |                     |          |                   |                      | drop supplementary groups                                  |
|                |                     |          |                   |                      | potentially allowing privilege...                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-7169                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-19882      |          |                   |                      | shadow-utils: local users can                              |
|                |                     |          |                   |                      | obtain root access because setuid                          |
|                |                     |          |                   |                      | programs are misconfigured...                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-19882                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | TEMP-0628843-DBAD28 |          |                   |                      | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 |
+----------------+---------------------+          +                   +----------------------+------------------------------------------------------------+
| passwd         | CVE-2007-5686       |          |                   |                      | initscripts in rPath Linux 1                               |
|                |                     |          |                   |                      | sets insecure permissions for                              |
|                |                     |          |                   |                      | the /var/log/btmp file,...                                 |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2007-5686                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2013-4235       |          |                   |                      | shadow-utils: TOCTOU race                                  |
|                |                     |          |                   |                      | conditions by copying and                                  |
|                |                     |          |                   |                      | removing directory trees                                   |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2013-4235                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2018-7169       |          |                   |                      | shadow-utils: newgidmap                                    |
|                |                     |          |                   |                      | allows unprivileged user to                                |
|                |                     |          |                   |                      | drop supplementary groups                                  |
|                |                     |          |                   |                      | potentially allowing privilege...                          |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2018-7169                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-19882      |          |                   |                      | shadow-utils: local users can                              |
|                |                     |          |                   |                      | obtain root access because setuid                          |
|                |                     |          |                   |                      | programs are misconfigured...                              |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-19882                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | TEMP-0628843-DBAD28 |          |                   |                      | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| perl-base      | CVE-2011-4116       |          | 5.28.1-6+deb10u1  |                      | perl: File::Temp insecure                                  |
|                |                     |          |                   |                      | temporary file handling                                    |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2011-4116                       |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| sysvinit-utils | TEMP-0517018-A83CE6 |          | 2.93-8            |                      | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6 |
+----------------+---------------------+          +-------------------+----------------------+------------------------------------------------------------+
| tar            | CVE-2005-2541       |          | 1.30+dfsg-6       |                      | Tar 1.15.1 does not                                        |
|                |                     |          |                   |                      | properly warn the user when                                |
|                |                     |          |                   |                      | extracting setuid or...                                    |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2005-2541                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2019-9923       |          |                   |                      | tar: null-pointer dereference                              |
|                |                     |          |                   |                      | in pax_decode_header in sparse.c                           |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2019-9923                       |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | CVE-2021-20193      |          |                   |                      | tar: Memory leak in                                        |
|                |                     |          |                   |                      | read_header() in list.c                                    |
|                |                     |          |                   |                      | -->avd.aquasec.com/nvd/cve-2021-20193                      |
+                +---------------------+          +                   +----------------------+------------------------------------------------------------+
|                | TEMP-0290435-0B57B5 |          |                   |                      | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5 |
+----------------+---------------------+----------+-------------------+----------------------+------------------------------------------------------------+