Open s-miyaza opened 3 years ago
The libxtst vulnerability is mistakenly detected as a libxt vulnerability.
{ "resource": { "format": "apk", "name": "libxt", "version": "1.2.0-r0", "arch": "x86_64", "cpe": "pkg:/alpine:3.12.0:libxt:1.2.0-r0", "license": "custom", "name_hash": "f885026e0a7c2b558706ab9971d3ab56" }, "scanned": true, "vulnerabilities": [ { "name": "CVE-2013-2063", "description": "Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.", "nvd_score": 6.8, "nvd_score_version": "CVSS v2", "nvd_vectors": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "nvd_severity": "medium", "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2063", "vendor_score": 6.8, "vendor_score_version": "CVSS v2", "vendor_vectors": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "vendor_severity": "medium", "publish_date": "2013-06-15", "modification_date": "2013-11-25" }, { "name": "CVE-2016-7951", "description": "Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.", "nvd_score": 7.5, "nvd_score_version": "CVSS v2", "nvd_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "nvd_severity": "high", "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7951", "vendor_score": 7.5, "vendor_score_version": "CVSS v2", "vendor_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "vendor_severity": "high", "publish_date": "2016-12-13", "modification_date": "2020-08-27", "nvd_score_v3": 9.8, "nvd_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "nvd_severity_v3": "critical", "vendor_score_v3": 9.8, "vendor_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "vendor_severity_v3": "critical" } }
The libxtst vulnerability is mistakenly detected as a libxt vulnerability.