oracle / container-images

Oracle Linux container images

jfrog reports several medium and low vulnerabilities for oraclelinux:8-slim #47

Closed by sedflix 1 year ago

sedflix commented 2 years ago

The following report was generated by scanning `oraclelinux:8-slim` with JFrog, and several of these are really old (2018, 2019, 2020).

Summary CVEs Severity Type Provider Component Infected Version Fix Version Edited Component Versions Id CVSS v2 CVSS v3 Cwe Id Is Source Root Source Comp Id Source Id
CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes CVE-2022-23308 Medium security JFrog 8:libxml2 All Versions 2022-06-06T21:44:08Z 8:libxml2 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-416 XRAY-198750 false rpm://8:libxml2:0:2.9.7-13.el8 rpm://8:libxml2
CVE-2021-31566 libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive CVE-2021-31566 Medium security JFrog 8:libarchive All Versions 2022-05-20T21:44:11Z 8:libarchive 4.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CWE-59 XRAY-192332 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (moderate) CVE-2020-21674 Medium security JFrog 8:libarchive All Versions 2022-02-22T06:54:06Z 8:libarchive 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-787->CWE-122,CWE-787 XRAY-133961 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2022-1586 pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c CVE-2022-1586 Medium security JFrog 8:pcre2 All Versions 2022-05-27T21:44:24Z 8:pcre2 6.4/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P 7.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CWE-125 XRAY-209666 false rpm://8:pcre2:0:10.32-2.el8 rpm://8:pcre2
CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate) CVE-2019-17543 Medium security JFrog 8:lz4-libs All Versions 2022-02-22T06:55:21Z 8:lz4-libs 6.8/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P 8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-122,CWE-787 XRAY-134601 false rpm://8:lz4-libs:0:1.8.3-3.el8_4 rpm://8:lz4-libs
CVE-2019-12904 Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate) CVE-2019-12904 Medium security JFrog 8:libgcrypt All Versions 2022-02-22T06:56:02Z 8:libgcrypt 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N 5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-385,CWE-310 XRAY-133231 false rpm://8:libgcrypt:0:1.8.5-6.el8 rpm://8:libgcrypt
CVE-2022-1434 openssl: Incorrect MAC key used in the RC4-MD5 ciphersuite (moderate) CVE-2022-1434 Medium security JFrog 8:openssl-libs All Versions 2022-05-25T21:44:24Z 8:openssl-libs 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N 5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CWE-327 XRAY-210787 false rpm://8:openssl-libs:1:1.1.1k-6.el8_5 rpm://8:openssl-libs
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium security JFrog 8:glibc-common All Versions 2022-02-22T06:56:01Z 8:glibc-common 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-121->CWE-119->CWE-305,CWE-119 XRAY-133149 false rpm://8:glibc-common:0:2.28-189.1.0.1.el8 rpm://8:glibc-common
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium security JFrog 8:glibc All Versions 2022-02-22T06:56:01Z 8:glibc 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-121->CWE-119->CWE-305,CWE-119 XRAY-133149 false rpm://8:glibc:0:2.28-189.1.0.1.el8 rpm://8:glibc
CVE-2021-3521 rpm: RPM does not require subkeys to have a valid binding signature CVE-2021-3521 Medium security JFrog 8:rpm All Versions 2022-05-20T21:44:10Z 8:rpm 4.4/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N CWE-347 XRAY-185978 false rpm://8:rpm:0:4.14.3-23.el8 rpm://8:rpm
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate) CVE-2018-20839 Medium security JFrog 8:systemd-libs All Versions 2022-02-22T06:55:28Z 8:systemd-libs 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N 6.4/CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CWE-200 XRAY-134751 false rpm://8:systemd-libs:0:239-58.0.1.el8 rpm://8:systemd-libs
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium security JFrog 8:glibc-minimal-langpack All Versions 2022-02-22T06:56:01Z 8:glibc-minimal-langpack 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-121->CWE-119->CWE-305,CWE-119 XRAY-133149 false rpm://8:glibc-minimal-langpack:0:2.28-189.1.0.1.el8 rpm://8:glibc-minimal-langpack
CVE-2022-27776 curl: auth/cookie leak on redirect CVE-2022-27776 Medium security JFrog 8:curl All Versions 2022-06-16T21:44:45Z 8:curl 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N 4.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE-522 XRAY-209155 false rpm://8:curl:0:7.61.1-22.el8 rpm://8:curl
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate) CVE-2021-42694 Medium security JFrog 8:libgcc All Versions 2022-02-22T07:03:20Z 8:libgcc 5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P 8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CWE-838,CWE-94 XRAY-189600 false rpm://8:libgcc:0:8.5.0-10.0.2.el8 rpm://8:libgcc
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate) CVE-2021-42694 Medium security JFrog 8:libstdc++ All Versions 2022-02-22T07:03:20Z 8:libstdc++ 5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P 8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CWE-838,CWE-94 XRAY-189600 false rpm://8:libstdc++:0:8.5.0-10.0.2.el8 rpm://8:libstdc++
CVE-2022-29155 openldap: OpenLDAP SQL injection (moderate) CVE-2022-29155 Medium security JFrog 8:openldap All Versions 2022-05-20T21:44:17Z 8:openldap 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P 6.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CWE-89 XRAY-209689 false rpm://8:openldap:0:2.4.46-18.el8 rpm://8:openldap
CVE-2022-27782 curl: TLS and SSH connection too eager reuse CVE-2022-27782 Medium security JFrog 8:curl All Versions 2022-06-12T21:44:08Z 8:curl 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N 6.0/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CWE-287,CWE-295 XRAY-210045 false rpm://8:curl:0:7.61.1-22.el8 rpm://8:curl
CVE-2022-1292 openssl: c_rehash script allows command injection (moderate) CVE-2022-1292 Medium security JFrog 8:openssl-libs All Versions 2022-06-12T21:44:08Z 8:openssl-libs 10.0/CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C 5.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE-77,CWE-78 XRAY-209571 false rpm://8:openssl-libs:1:1.1.1k-6.el8_5 rpm://8:openssl-libs
CVE-2017-14502 libarchive: Off-by-one error in the read_header function (moderate) CVE-2017-14502 Medium security JFrog 8:libarchive All Versions 2022-02-22T06:54:07Z 8:libarchive 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-193,CWE-125 XRAY-131952 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 Medium security JFrog 8:curl All Versions 2022-06-10T21:44:17Z 8:curl 5.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N 4.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CWE-287 XRAY-209153 false rpm://8:curl:0:7.61.1-22.el8 rpm://8:curl
CVE-2022-29824 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (moderate) CVE-2022-29824 Medium security JFrog 8:libxml2 All Versions 2022-05-20T21:44:17Z 8:libxml2 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 7.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CWE-190 XRAY-209696 false rpm://8:libxml2:0:2.9.7-13.el8 rpm://8:libxml2
CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 Medium security JFrog 8:rpm All Versions 2022-05-20T21:44:11Z 8:rpm 6.3/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (CWE-59|CWE-367) XRAY-178848 false rpm://8:rpm:0:4.14.3-23.el8 rpm://8:rpm
CVE-2022-27774 curl: credential leak on redirect CVE-2022-27774 Medium security JFrog 8:curl All Versions 2022-06-16T21:44:45Z 8:curl 3.5/CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N 5.0/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CWE-522 XRAY-209154 false rpm://8:curl:0:7.61.1-22.el8 rpm://8:curl
CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 Medium security JFrog 8:rpm All Versions 2022-05-20T21:44:10Z 8:rpm 6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CWE-59 XRAY-178847 false rpm://8:rpm:0:4.14.3-23.el8 rpm://8:rpm
CVE-2021-40528 libgcrypt: ElGamal implementation allows plaintext recovery CVE-2021-40528 Medium security JFrog 8:libgcrypt All Versions 2022-02-22T07:03:18Z 8:libgcrypt 2.6/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N 5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-327 XRAY-188668 false rpm://8:libgcrypt:0:1.8.5-6.el8 rpm://8:libgcrypt
CVE-2021-23177 libarchive: extracting a symlink with ACLs modifies ACLs of target CVE-2021-23177 Medium security JFrog 8:libarchive All Versions 2022-05-20T21:44:11Z 8:libarchive 6.6/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CWE-59 XRAY-192333 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2021-35939 rpm: checks for unsafe symlinks are not performed for intermediary directories CVE-2021-35939 Medium security JFrog 8:rpm All Versions 2022-05-20T21:44:11Z 8:rpm 6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CWE-59 XRAY-178849 false rpm://8:rpm:0:4.14.3-23.el8 rpm://8:rpm
CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low) CVE-2018-1000880 Low security JFrog 8:libarchive All Versions 2022-02-22T06:55:28Z 8:libarchive 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-20,CWE-119 XRAY-134705 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) CVE-2018-19211 Low security JFrog 8:ncurses-libs All Versions 2022-02-22T06:55:29Z 8:ncurses-libs 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-119,CWE-476 XRAY-132928 false rpm://8:ncurses-libs:0:6.1-9.20180224.el8 rpm://8:ncurses-libs
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) CVE-2018-19211 Low security JFrog 8:ncurses-base All Versions 2022-02-22T06:55:29Z 8:ncurses-base 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-119,CWE-476 XRAY-132928 false rpm://8:ncurses-base:0:6.1-9.20180224.el8 rpm://8:ncurses-base
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) CVE-2018-19217 Low security JFrog 8:ncurses-libs All Versions 2022-06-10T21:44:09Z 8:ncurses-libs 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-119,CWE-476 XRAY-132932 false rpm://8:ncurses-libs:0:6.1-9.20180224.el8 rpm://8:ncurses-libs
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) CVE-2018-19217 Low security JFrog 8:ncurses-base All Versions 2022-06-10T21:44:09Z 8:ncurses-base 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-119,CWE-476 XRAY-132932 false rpm://8:ncurses-base:0:6.1-9.20180224.el8 rpm://8:ncurses-base
CVE-2017-14166 libarchive: Heap-based buffer over-read in the atol8 function (low) CVE-2017-14166 Low security JFrog 8:libarchive All Versions 2022-02-22T06:55:25Z 8:libarchive 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-122,CWE-125 XRAY-131928 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low) CVE-2019-9936 Low security JFrog 8:sqlite-libs All Versions 2022-06-10T21:44:09Z 8:sqlite-libs 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N 3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CWE-122,CWE-125 XRAY-134833 false rpm://8:sqlite-libs:0:3.26.0-15.el8 rpm://8:sqlite-libs
CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function CVE-2021-44568 Low security JFrog 8:libsolv All Versions 2022-05-20T21:44:16Z 8:libsolv 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 6.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H CWE-125,CWE-787 XRAY-199742 false rpm://8:libsolv:0:0.7.20-1.el8 rpm://8:libsolv
CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low) CVE-2019-8906 Low security JFrog 8:file-libs All Versions 2022-02-22T06:55:25Z 8:file-libs 3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P 5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CWE-125 XRAY-134829 false rpm://8:file-libs:0:5.33-20.el8 rpm://8:file-libs
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low) CVE-2018-1000654 Low security JFrog 8:libtasn1 All Versions 2022-02-22T06:55:16Z 8:libtasn1 7.1/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C 4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CWE-20->CWE-400,NVD-CWE-noinfo XRAY-132660 false rpm://8:libtasn1:0:4.13-3.el8 rpm://8:libtasn1
CVE-2021-4209 GnuTLS: Null pointer dereference in MD_UPDATE CVE-2021-4209 Low security JFrog 8:gnutls All Versions 2022-05-20T21:44:11Z 8:gnutls 6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-476 XRAY-198315 false rpm://8:gnutls:0:3.6.16-4.el8 rpm://8:gnutls
CVE-2017-14501 libarchive: Out-of-bounds read in parse_file_info (low) CVE-2017-14501 Low security JFrog 8:libarchive All Versions 2022-02-22T06:56:10Z 8:libarchive 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-125 XRAY-131951 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low) CVE-2019-12900 Low security JFrog 8:bzip2-libs All Versions 2022-06-10T21:44:08Z 8:bzip2-libs 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P 4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CWE-787 XRAY-133230 false rpm://8:bzip2-libs:0:1.0.6-26.el8 rpm://8:bzip2-libs
CVE-2018-16428 glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c (low) CVE-2018-16428 Low security JFrog 8:glib2 All Versions 2022-02-22T06:55:21Z 8:glib2 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-119,CWE-476 XRAY-132844 false rpm://8:glib2:0:2.56.4-158.el8 rpm://8:glib2
CVE-2021-45346 sqlite: crafted SQL query allows a malicious user to obtain sensitive information (low) CVE-2021-45346 Low security JFrog 8:sqlite-libs All Versions 2022-05-01T21:44:13Z 8:sqlite-libs 4.0/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N 3.1/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CWE-401->CWE-200,CWE-401 XRAY-209065 false rpm://8:sqlite-libs:0:3.26.0-15.el8 rpm://8:sqlite-libs
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low) CVE-2018-20657 Low security JFrog 8:libstdc++ All Versions 2022-02-22T06:55:41Z 8:libstdc++ 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-400,CWE-772 XRAY-132991 false rpm://8:libstdc++:0:8.5.0-10.0.2.el8 rpm://8:libstdc++
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low) CVE-2018-20657 Low security JFrog 8:libgcc All Versions 2022-02-22T06:55:41Z 8:libgcc 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-400,CWE-772 XRAY-132991 false rpm://8:libgcc:0:8.5.0-10.0.2.el8 rpm://8:libgcc
CVE-2021-43618 gmp: Integer overflow and resultant buffer overflow via crafted input (low) CVE-2021-43618 Low security JFrog 8:gmp All Versions 2022-05-20T21:44:11Z 8:gmp 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P 4.0/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CWE-190 XRAY-191006 false rpm://8:gmp:1:6.1.2-10.el8 rpm://8:gmp
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low security JFrog 8:libstdc++ All Versions 2022-02-22T06:56:11Z 8:libstdc++ 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-20->CWE-190->CWE-125,CWE-787,CWE-190 XRAY-133283 false rpm://8:libstdc++:0:8.5.0-10.0.2.el8 rpm://8:libstdc++
CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low) CVE-2018-1000879 Low security JFrog 8:libarchive All Versions 2022-02-22T06:55:25Z 8:libarchive 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-476 XRAY-134704 false rpm://8:libarchive:0:3.3.3-3.el8_5 rpm://8:libarchive
CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low) CVE-2019-9937 Low security JFrog 8:sqlite-libs All Versions 2022-06-10T21:44:09Z 8:sqlite-libs 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CWE-476 XRAY-134834 false rpm://8:sqlite-libs:0:3.26.0-15.el8 rpm://8:sqlite-libs
CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low) CVE-2019-19244 Low security JFrog 8:sqlite-libs All Versions 2022-02-22T06:56:18Z 8:sqlite-libs 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-20,NVD-CWE-noinfo XRAY-133415 false rpm://8:sqlite-libs:0:3.26.0-15.el8 rpm://8:sqlite-libs
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low) CVE-2019-8905 Low security JFrog 8:file-libs All Versions 2022-02-22T06:55:25Z 8:file-libs 3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P 5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CWE-125 XRAY-134828 false rpm://8:file-libs:0:5.33-20.el8 rpm://8:file-libs
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low security JFrog 8:libgcc All Versions 2022-02-22T06:56:11Z 8:libgcc 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-20->CWE-190->CWE-125,CWE-787,CWE-190 XRAY-133283 false rpm://8:libgcc:0:8.5.0-10.0.2.el8 rpm://8:libgcc

Djelibeybi commented 1 year ago

We update these images any time a new package is released. Please ensure you are regularly updating your local copy or add `RUN dnf -y update` to your Dockerfile to automatically update when building downstream images.